From a2b41598d67b3e318bf5e678dfeb99611c88ed59 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 Jan 2022 14:52:59 +0100 Subject: [PATCH 001/483] Draft specification for key derivation Pass all the initial inputs in a single structure. It's impossible to pass the inputs as soon as the application makes them available because the core cannot know which driver to call until it receives the SECRET input. Do support hiding the key material inside a secure element if the relevant driver has all the requisite entry points. Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement separately. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 267 ++++++++++++++++++++++++-- 1 file changed, 250 insertions(+), 17 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 125a415f46..c12e01065c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -297,25 +297,251 @@ TODO TODO -#### Operation family `"key_derivation"` +### Driver entry points for key derivation -This family requires the following type and entry points: +Key derivation is more complex than other multipart operations due to the multiplicity of inputs and outputs, to the fact that multiple drivers can be involved (key agreement and subsequent key derivation accelerator, opaque driver for the secret key and for derived keys), and because the involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). -* Type `"key_derivation_operation_t"`: the type of a key derivation operation context. -* `"key_derivation_setup"`: called by `psa_key_derivation_setup()`. -* `"key_derivation_set_capacity"`: called by `psa_key_derivation_set_capacity()`. The core will always enforce the capacity, therefore this function does not need to do anything for algorithms where the output stream only depends on the effective generated length and not on the capacity. -* `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point. -* `"key_derivation_input_integer"`: called by `psa_key_derivation_input_integer()`. -* `"key_derivation_input_key"` (opaque drivers only) -* `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. -* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. -* `"key_derivation_verify_bytes"` (opaque drivers only). -* `"key_derivation_verify_key"` (opaque drivers only). -* `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. +#### Key derivation driver dispatch logic -TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers +The core decides whether to dispatch a key derivation operation to a driver based on the location of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. -TODO +1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: + * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + * Otherwise the core calls the secure element driver's [`"export_key"`](#key-management-with-opaque-drivers) entry point. +2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. +3. Otherwise, or on fallback, the core uses its built-in implementation. + +#### Summary of entry points for the operation family `"key_derivation"` + +A key derivation driver has the following entry points: + +* `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). +* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver extra inputs”](#key-derivation-driver-inputs). +* `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_abort"` (mandatory): always the last entry point to be called. + +For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: +``` +typedef ... acme_key_derivation_operation_t; +psa_status_t acme_hash_abort(acme_key_derivation_operation_t *operation); +``` + +#### Key derivation driver initial inputs + +The core conveys the initial inputs for a key derivation via an opaque data structure of type `psa_crypto_driver_key_derivation_inputs_t`. + +``` +typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type +``` + +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its content using the following functions. + +``` +psa_status_t psa_crypto_driver_key_derivation_get_input_size( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + size_t *size); +psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint8_t *output, size_t output_size, size_t *output_length); +psa_status_t psa_crypto_driver_key_derivation_get_input_key( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint8_t** p_key_buffer, size_t *key_buffer_size); +psa_status_t psa_crypto_driver_key_derivation_get_input_integer( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint64_t *value); +``` + +These functions take the following parameters: + +* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry points which has not returned yet. +* The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: + * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). + * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). + * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `output` with the desired input and sets `*output_length` to *N*, where *N* is the length of the input in bytes. The value of `output_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. + +These functions can return the following statuses: + +* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter. +* `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. +* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). +* `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. +* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. +* The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. + +#### Key derivation driver setup + +A key derivation driver must implement the following entry point: +``` +psa_status_t acme_key_derivation_setup( + acme_key_derivation_operation_t *operation, + psa_algorithm_t alg, + const psa_crypto_driver_key_derivation_inputs_t *inputs); +``` + +* `operation` is a zero-initialized operation object. +* `alg` is the algorithm for the key derivation operation. It does not include a key agreement component. +* `inputs` is an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key derivation. + +The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): + +* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer key context which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. +* If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. +* If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. + +#### Key derivation driver long inputs + +Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. + +``` +psa_status_t acme_key_derivation_input_step( + acme_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *input, size_t input_length); +``` + +At the time of writing, no standard key derivation algorithm has long inputs. It is likely that such algorithms will be added in the future. + +#### Key derivation driver operation capacity + +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` for key types where the derived key material is not a direct copy of the key derivation's output stream. + +Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: +``` +psa_status_t acme_key_derivation_set_capacity( + acme_key_derivation_operation_t *operation, + size_t capacity); +``` +`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaraneed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. + +If this entry point has not been called, the operation has an unlimited capacity. + +#### Key derivation driver outputs + +A key derivation driver must provide the following entry point: +``` +psa_status_t acme_key_derivation_output_bytes( + acme_key_derivation_operation_t *operation, + uint8_t *output, size_t length); +``` + +An opaque key derivation driver may provide the following entry points: +``` +psa_status_t acme_key_derivation_output_key( + const psa_key_attributes_t *attributes, + acme_key_derivation_operation_t *operation, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); +psa_status_t acme_key_derivation_verify_bytes( + acme_key_derivation_operation_t *operation, + const uint8_t *expected output, size_t length); +psa_status_t acme_key_derivation_verify_key( + acme_key_derivation_operation_t *operation, + uint8_t *key_buffer, size_t key_buffer_size); +``` + +The core calls a key derivation driver's output entry point when the application calls `psa_key_derivation_output_bytes()`, `psa_key_derivation_output_key()`, `psa_key_derivation_verify_bytes()` or `psa_key_derivation_verify_key()`. + +If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the derivation operation is handled by that secure element, the core performs the following steps: + +1. For a call to `psa_key_derivation_output_key()` where the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. +1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. +1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. +1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. +1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a non-raw key or if the output size exceeds some implementation limit. + +If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: + +* For a call to `psa_key_derivation_output_key()` for some key types, the core calls a transparent driver's `"derive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivation). +* For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, call that secure element driver's `"import_key"` entry point. + +#### Transparent cooked key derivation + +Key derivation is said to be *raw* for some key types, where the key material of a derived (8×*n*)-bit key consists of the next *n* bytes of output from the key derivation, and *cooked* otherwise. When deriving a raw key, the core only calls the driver's `"output_bytes"` entry point, except when deriving a key entirely inside a secure element as described in [“Key derivation driver outputs”](#key-derivation-driver-outputs). When deriving a cooked key, the core calls a transparent driver's `"derive_key"` entry point if available. + +A capability for cooked key derivation contains the following properties (this is not a subset of [the usual entry point properties](#capability-syntax)): + +* `"entry_points"` (mandatory, list of strings). Must be `["derive_key"]`. +* `"derived_types"` (mandatory, list of strings). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified type. +* `"derived_sizes"` (optional, list of integers). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified sizes, in bits. If absent, this capability applies to all sizes for the specified types. +* `"memory"` (optional, boolean). If present and true, the driver must define a type `"derive_key_memory_t"` and the core will allocate an object of that type as specified below. +* `"names"` (optional, object). A mapping from entry point names to C function and type names, as usual. +* `"fallback"` (optional, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED` if it only partially supports the specified mechanism, as usual. + +A transparent driver with the prefix `"acme"` that implements cooked key derivation must provide the following type and function: + +``` +typedef ... acme_derive_key_memory_t; // only if the "memory" property is true +psa_status_t acme_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + acme_derive_key_memory_t *memory, // if the "memory" property is false: void* + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); +``` + +* `attributes` contains the attributes of the desired key. Note that only the key type and the bit-size are guaranteed to be set. +* `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. +* If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. +* `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. +* On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. + +This entry point may return the following statuses: + +* `PSA_SUCCESS`: a key was derived successfully. The driver has placed representation of the key is in `key_buffer`. +* `PSA_ERROR_NOT_SUPPORTED` (for the first call only) (only if fallback is enabled): the driver cannot fulfill this request, but a fallback driver might. +* `PSA_ERROR_INSUFFICIENT_DATA`: the core must call the `"derive_key"` entry point again with the same `memory` object and with subsequent data from the key stream. +* Any other error is a fatal error. + +The core calls the `"derive_key"` entry point in a loop until it returns a status other than `PSA_ERROR_INSUFFICIENT_DATA`. Each call has a successive fragment of the key stream. The `memory` object is guaranteed to be the same for successive calls, but note that its address may change between calls. Before the first call, `*memory` is initialized to all-bits-zero. + +For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: + +* `PSA_KEY_TYPE_DES`: the length of the key. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: *m* bytes, where the bit-size of the key *n* satisfies *m*-1 < 8×*n* ≤ *m*. +* `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. +* Other key types: not applicable. + +#### Key agreement + +The core always decouples key agreement from symmetric key derivation. + +To implement a call to `psa_key_derivation_key_agreement()` where the private key is in a secure element that has a `"key_agreement_to_key"` entry point which is applicable for the given key type and algorithm, the core calls the secure element driver as follows: + +1. Call the `"key_agreement_to_key"` entry point to create a key object containing the shared secret. The key object is volatile and has the type `PSA_KEY_TYPE_DERIVE`. +2. Call the `"key_derivation_setup"` entry point, passing the resulting key object . +3. Perform the rest of the key derivation, up to and including the call to the `"key_derivation_abort"` entry point. +4. Call the `"destroy_key"` entry point to destroy the key containing the key object. + +In other cases, the core treats `psa_key_derivation_key_agreement()` as if it was a call to `psa_raw_key_agreement()` followed by a call to `psa_key_derivation_input_bytes()` on the shared secret. + +The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`: +``` +psa_status_t acme_key_agreement(psa_algorithm_t alg, + const uint8_t *our_key_buffer, + size_t our_key_buffer_length, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length); +psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, + const psa_key_attributes_t *attributes, + const uint8_t *our_key_buffer, + size_t our_key_buffer_length, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret_key_buffer, + size_t shared_secret_key_buffer_size, + size_t *shared_secret_key_buffer_length); +``` ### Driver entry points for key management @@ -336,8 +562,9 @@ psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, size_t key_buffer_size, size_t *key_buffer_length); ``` +Additionally, opaque drivers can create keys through their [`"key_derivation_output_key"`](#key-derivation-driver-outputs) and [`"key_agreement_key"`](#key-agreement) entry points. Transparent drivers can create key material through their [`"derive_key"`](#transparent-cooked-key-derivation) entry point. -TODO: derivation, copy +TODO: copy * The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface. * For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`. @@ -660,7 +887,7 @@ If the key is stored in wrapped form outside the secure element, and the wrapped Opaque drivers may provide the following key management entry points: -* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations). +* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations), or [as a fallback for key derivation](#key-derivation-driver-dispatch-logic). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. * `"import_key"`: called by `psa_import_key()`, or by `psa_copy_key()` when copying a key from another location. * `"generate_key"`: called by `psa_generate_key()`. @@ -974,6 +1201,12 @@ An example use case for updating the persistent state at arbitrary times is to r `psa_crypto_driver_get_persistent_state` does not identify the calling driver, so the driver needs to remember which driver it's calling. This may require a thread-local variable in a multithreaded core. Is this ok? +#### Fallback for key derivation in opaque drivers + +Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so that if `"key_derivation_setup"` returns `PSA_ERROR_NOT_SUPPORTED` then the core exports the key from the secure element instead? + +Should the ["`key_derivation_output_key`"](#key-derivation-driver-outputs) capability indicate which key types the driver can derive? How should fallback work? For example, consider a secure element that implements HMAC, HKDF and ECDSA, and that can derive an HMAC key from HKDF without exporting intermediate material but can only import or randomly generate ECC keys. How does this driver convey that it can't derive an ECC key with HKDF, but it can let the core do this and import the resulting key? + ### Randomness #### Input to `"add_entropy"` From 220bda7f76f04311aff19d5f066cbeb3590147b7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jan 2022 12:03:34 +0100 Subject: [PATCH 002/483] Rename a function parameter to avoid confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't use “output” for an input of the KDF. It's correct in context (it's the output of a function that copies the input of the KDF from core-owned memory to driver-owned memory) but confusing. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c12e01065c..e3ec0b19de 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -346,7 +346,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_size( psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, - uint8_t *output, size_t output_size, size_t *output_length); + uint8_t *buffer, size_t buffer_size, size_t *buffer_length); psa_status_t psa_crypto_driver_key_derivation_get_input_key( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, @@ -365,13 +365,13 @@ These functions take the following parameters: * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `output` with the desired input and sets `*output_length` to *N*, where *N* is the length of the input in bytes. The value of `output_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. These functions can return the following statuses: -* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter. +* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. * `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. From c2e29108f00550687694618e3ea9fe7177251fcb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jun 2022 17:07:19 +0200 Subject: [PATCH 003/483] Fix internal links Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index e3ec0b19de..43586f397e 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -316,7 +316,7 @@ The core decides whether to dispatch a key derivation operation to a driver base A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). -* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver extra inputs”](#key-derivation-driver-inputs). +* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). @@ -373,7 +373,7 @@ These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. -* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). +* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -697,7 +697,7 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, This entry point has several roles: 1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification. -2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) above. +2. Validate the key data. The necessary validation is described in the section [“Key validation”](#key-validation) above. 3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. 4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. From 1a5b83007c4c1dc6950941f7764c3adb18d208aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jun 2022 17:47:40 +0200 Subject: [PATCH 004/483] Fix typos and copypasta Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 43586f397e..a0e995c763 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -325,7 +325,7 @@ A key derivation driver has the following entry points: For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: ``` typedef ... acme_key_derivation_operation_t; -psa_status_t acme_hash_abort(acme_key_derivation_operation_t *operation); +psa_status_t acme_key_derivation_abort(acme_key_derivation_operation_t *operation); ``` #### Key derivation driver initial inputs @@ -336,7 +336,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its content using the following functions. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents using the following functions. ``` psa_status_t psa_crypto_driver_key_derivation_get_input_size( @@ -359,7 +359,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_integer( These functions take the following parameters: -* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry points which has not returned yet. +* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. * The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). @@ -373,7 +373,7 @@ These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. -* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). +* `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -394,7 +394,7 @@ psa_status_t acme_key_derivation_setup( The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): -* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer key context which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. +* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer to the [key context](#overview-of-driver-entry-points) which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. * If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. * If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. From 3fc9e04bc489b3fcaa8677a1d7add640c1b1e789 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jun 2022 17:48:46 +0200 Subject: [PATCH 005/483] Be more consistent with raw/cooked key derivation terminology Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index a0e995c763..d737b0d80c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -319,7 +319,7 @@ A key derivation driver has the following entry points: * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: @@ -413,7 +413,7 @@ At the time of writing, no standard key derivation algorithm has long inputs. It #### Key derivation driver operation capacity -The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` for key types where the derived key material is not a direct copy of the key derivation's output stream. +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` [cooked key types](#transparent-cooked-key-derivation), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: ``` @@ -456,7 +456,7 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. 1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. 1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. -1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a non-raw key or if the output size exceeds some implementation limit. +1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: From f30ff751375588cbb09e70472216c23e05131ae2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Jun 2022 17:33:51 +0200 Subject: [PATCH 006/483] List all markdown files in makefile Signed-off-by: Gilles Peskine --- docs/architecture/Makefile | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile index d8db2e067a..6252ab0f91 100644 --- a/docs/architecture/Makefile +++ b/docs/architecture/Makefile @@ -3,10 +3,18 @@ PANDOC = pandoc default: all all_markdown = \ - mbed-crypto-storage-specification.md \ - testing/driver-interface-test-strategy.md \ - testing/invasive-testing.md \ - testing/test-framework.md \ + alternative-implementations.md \ + mbed-crypto-storage-specification.md \ + psa-crypto-implementation-structure.md \ + psa-migration/psa-limitations.md \ + psa-migration/strategy.md \ + psa-migration/tasks-g2.md \ + psa-migration/testing.md \ + testing/driver-interface-test-strategy.md \ + testing/invasive-testing.md \ + testing/psa-storage-format-testing.md \ + testing/test-framework.md \ + tls13-support.md \ # This line is intentionally left blank html: $(all_markdown:.md=.html) From 2e22ecbd096eb10d1c62f84b5f8a3dea25545381 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Jun 2022 17:35:03 +0200 Subject: [PATCH 007/483] Add guide to implementing new cryptographic mechanisms Add a check list with what typically needs to be done when adding a new algorithm, key type or operation. There are a few explanations but this is primarily intended as a list of places to look and not as a detailed explanation of exactly what to do. Signed-off-by: Gilles Peskine --- .../psa-crypto-implementation-structure.md | 102 ++++++++++++++++++ 1 file changed, 102 insertions(+) diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index cd4d427bf2..e7282381e1 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -71,3 +71,105 @@ In case of any error occurring at step 3 or 4, psa_fail_key_creation() is called A driver of the Mbed TLS PSA Cryptography API implementation (Mbed TLS PSA driver in the following) is a driver in the sense that it is compliant with the PSA driver interface specification. But it is not an actual driver that drives some hardware. It implements cryptographic operations purely in software. An Mbed TLS PSA driver C file is named psa_crypto_.c and its associated header file psa_crypto_.h. The functions implementing a driver entry point as defined in the PSA driver interface specification are named as mbedtls_psa__(). As an example, the psa_crypto_rsa.c and psa_crypto_rsa.h are the files containing the Mbed TLS PSA driver implementing RSA cryptographic operations. This RSA driver implements among other entry points the "import_key" entry point. The function implementing this entry point is named mbedtls_psa_rsa_import_key(). + +## How to implement a new cryptographic mechanism + +Summary of files to modify when adding a new algorithm or key type: + +* [ ] PSA Crypto API draft, if not already done — [PSA standardization](#psa-standardization) +* [ ] `include/psa/crypto_values.h` or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros) +* [ ] `include/psa/crypto_config.h`, `tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols) +* Occasionally `library/check_crypto_config.h` — [Preprocessor symbols](#preprocessor-symbols) +* [ ] `include/mbedtls/config_psa.h` — [Preprocessor symbols](#preprocessor-symbols) +* [ ] `library/psa_crypto.c`, `library/psa_crypto_*.[hc]` — [Implementation of the mechanisms](#implementation-of-the-mechanisms) +* [ ] `include/psa/crypto_builtin_*.h` — [Translucent data structures](#translucent-data-structures) +* [ ] `tests/suites/test_suite_psa_crypto_metadata.data` — [New functions and macros](#new-functions-and-macros) +* (If adding `PSA_IS_xxx`) `tests/suites/test_suite_psa_crypto_metadata.function` — [New functions and macros](#new-functions-and-macros) +* [ ] `tests/suites/test_suite_psa_crypto*.data`, `tests/suites/test_suite_psa_crypto*.function` — [Unit tests](#unit-tests) +* [ ] `scripts/mbedtls_dev/crypto_knowledge.py`, `scripts/mbedtls_dev/asymmetric_key_data.py` — [Unit tests](#unit-tests) +* [ ] `ChangeLog.d/*.txt` — changelog entry + +Summary of files to modify when adding new API functions: + +* [ ] `include/psa/crypto.h` and `include/psa/crypto_sizes.h`, or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros) +* [ ] `library/psa_crypto.c`, `scripts/data_files/driver_templates/*.jinja` — [Implementation of the mechanisms](#implementation-of-the-mechanisms) +* [ ] If adding stateful functions: `include/psa/crypto_struct.h`, `include/psa/crypto_builtin_*.h`, `include/psa/crypto_driver_contexts_*.h` — [Translucent data structures](#translucent-data-structures) +* [ ] `tests/suites/test_suite_psa_crypto.data`, `tests/suites/test_suite_psa_crypto.function`, `tests/suites/test_suite_psa_crypto_driver_wrappers.*` — [Unit tests](#unit-tests) + +Note that this is just a basic guide. In some cases, you won't need to change all the files listed here. In some cases, you may need to change other files. + +### PSA standardization + +Typically, if there's enough demand for a cryptographic mechanism in Mbed TLS, there's enough demand for it to be part of the official PSA Cryptography specification. Therefore the first step before implementing a new mechanism should be to approach the PSA Cryptography working group in Arm for standardization. + +At the time of writing, all cryptographic mechanisms that are accessible through `psa_xxx` APIs in in Mbed TLS are current or upcoming PSA standards. Mbed TLS implements some extensions to the PSA API that offer extra integration customization or extra key policies. + +Mbed TLS routinely implements cryptographic mechanisms that are not yet part of a published PSA standard, but that are scheduled to be part of a future version of the standard. The Mbed TLS implementation validates the feasibility of the upcoming PSA standard. The PSA Cryptography working group and the Mbed TLS development team communicate during the elaboration of the new interfaces. + +### New functions and macros + +If a mechanism requires new functions, they should follow the design guidelines in the PSA Cryptography API specification. + +Functions that are part of the current or upcoming API are declared in `include/psa/crypto.h`, apart from structure accessors defined in `include/psa/crypto_struct.h`. Functions that have output buffers have associated sufficient-output-size macros in `include/psa/crypto_sizes.h`. + +Constants (algorithm identifiers, key type identifiers, etc.) and associated desctructor macros (e.g. `PSA_IS_xxx()`) are defined in `include/psa/crypto_values.h`. + +Functions and macros that are not intended for standardization, or that are at a stage where the draft standard might still evolve significantly, are declared in `include/psa/crypto_extra.h`. + +The PSA Cryptography API specification defines both names and values for certain kinds of constants: algorithms (`PSA_ALG_xxx`), key types (`PSA_KEY_TYPE_xxx`), ECC curve families (`PSA_ECC_FAMILY_xxx`), DH group families (`PSA_DH_FAMILY_xxx`). If Mbed TLS defines an algorithm or a key type that is not part of a current or upcoming PSA standard, pick a value with the `VENDOR` flag set. If Mbed TLS defines an ECC curve or DH group family that is not part of a current or upcoming PSA standard, define a vendor key type and use the family identifier only with this vendor key type. + +New constants must have a test case in `tests/suites/test_suite_psa_crypto_metadata.data` that verifies that `PSA_IS_xxx` macros behave properly with the new constant. New `PSA_IS_xxx` macros must be declared in `tests/suites/test_suite_psa_crypto_metadata.function`. + +### Preprocessor symbols + +Each cryptographic mechanism is optional and can be selected by the application at build time. For each feature `PSA_ttt_xxx`: + +* The feature is available to applications when the preprocessor symbol `PSA_WANT_ttt_xxx` is defined. These symbols are set: + * If `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`. + * if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols. +* For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`. +* For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols. + +For more details, see *[Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS](../proposed/psa-conditional-inclusion-c.html)*. + +Some mechanisms require other mechanisms. For example, you can't do GCM without a block cipher, or RSA-PSS without RSA keys. When mechanism A requires mechanism B, `include/mbedtls/config_psa.h` ensures that B is enabled whenever A is enabled. When mechanism A requires at least one of a set {B1, B2, B3, ...} but there is no particular reason why enabling A would enable any of the specific Bi's, it's up to the application to choose Bi's and the file `library/check_crypto_config.h` contains compile-time constraints to ensure that at least one Bi is enabled. + +### Implementation of the mechanisms + +The general structure of a cryptographic operation function is: + +1. API function defined in `library/psa_crypto.c`. The entry point performs generic checks that don't depend on whether the mechanism is implemented in software or in a driver and looks up keys in the key store. +2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja` or files included from there. +3. Built-in implementation in `library/psa_crypto_*.c` (with function declarations in the corresponding `.h` file). These files typically contain the implementation of modes of operation over basic building blocks that are defined elsewhere. For example, HMAC is implemented in `library/psa_crypto_mac.c` but the underlying hash functions are implemented in `library/sha*.c` and `library/md*.c`. +4. Basic cryptographic building blocks in `library/*.c`. + +When implementing a new algorithm or key type, there are typically things to change in `library/crypto.c` (e.g. buffer size calculations, algorithm/key-type compatibility) and in the built-in implementation, but not in the driver dispatch code. + +### Translucent data structures + +Some mechanisms require state to be kept between function calls. Keys and key-like data is kept in the key store, which PSA manages internally. Other state, for example the state of multipart operations, is kept in structures allocated by the caller. + +The size of operation structures needs to be known at compile time, since callers may allocate them on the stack. Therefore these structures are defined in a public header: `include/psa/crypto_struct.h` for the parts that are independent of the underlying implementation, `include/psa/crypto_builtin_*` for parts that are specific to the Mbed TLS built-in implementation, `include/psa/crypto_driver_*.h` for structures implemented by drivers. + +### Unit tests + +A number of unit tests are automatically generated by `tests/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`: + +* Attempt to create a key with a key type that is not supported. +* Attempt to perform an operation with a combination of key type and algorithm that is not valid or not supported. +* Storage and retrieval of a persistent key. + +When adding a new key type or algorithm: + +* `scripts/mbedtls_dev/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms. +* `scripts/mbedtls_dev/asymmetric_key_data.py` contains valid key data for asymmetric key types. + +Other things need to be tested manually, either in `tests/suites/test_sutie_psa_crypto.data` or in another file. For example (this is not an exhaustive list): + +* Known answer tests. +* Potential edge cases (e.g. data less/equal/more than the block size, number equal to zero in asymmetric cryptography). +* Tests with invalid keys (e.g. wrong size or format). +* Tests with invalid data (e.g. wrong size or format, output buffer too small, invalid padding). +* For new functions: incorrect function call sequence, driver dispatch (in `tests/suites/test_suite_psa_crypto_driver_wrappers.*`). +* For key derivation algorithms: variation on the sequence of input steps, variation on the output size. + From 54eb0686b3aae1310ea084a3663098653eb9b047 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jun 2022 18:09:27 +0200 Subject: [PATCH 008/483] New function psa_crypto_driver_key_derivation_get_input_type The new function psa_crypto_driver_key_derivation_get_input_type() allows drivers to retrieve the effective type of each input step, and thus to call the correct get-data function. This is simpler than the previous scheme which required a somewhat contrived dance with get_key() and get_bytes() for inputs that can be passed either as a key or as a byte buffer at the application's choice. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 42 ++++++++++++++++++--------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index d737b0d80c..fa3f1d1698 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -336,7 +336,31 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents using the following functions. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. + +``` +enum psa_crypto_driver_key_derivation_input_type_t { + PSA_KEY_DERIVATION_INPUT_TYPE_INVALID = 0, + PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED, + PSA_KEY_DERIVATION_INPUT_TYPE_BYTES, + PSA_KEY_DERIVATION_INPUT_TYPE_KEY, + PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER, + // Implementations may add other values, and may freely choose the + // numerical values for each identifer except as explicitly specified + // above. +}; +psa_crypto_driver_key_derivation_input_type_t psa_crypto_driver_key_derivation_get_input_type( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step); +``` + +The function `psa_crypto_driver_key_derivation_get_input_type()` determines whether a given step is present and how to access its value: + +* `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. +* `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. +* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. ``` psa_status_t psa_crypto_driver_key_derivation_get_input_size( @@ -357,13 +381,10 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_integer( uint64_t *value); ``` -These functions take the following parameters: +The get-data functions take the following parameters: * The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. -* The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: - * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). - * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). - * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). +* The `step` parameter indicates the input step whose content the driver wants to retrieve. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. @@ -372,9 +393,8 @@ These functions take the following parameters: These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). -* `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. * `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). -* `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. +* `PSA_ERROR_INVALID_ARGUMENT`: the input type is not compatible with this function or was omitted. Call `psa_crypto_driver_key_derivation_get_input_type()` to find out the actual type of this input step. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -392,12 +412,6 @@ psa_status_t acme_key_derivation_setup( * `alg` is the algorithm for the key derivation operation. It does not include a key agreement component. * `inputs` is an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key derivation. -The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): - -* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer to the [key context](#overview-of-driver-entry-points) which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. -* If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. -* If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. - #### Key derivation driver long inputs Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. From d9645c847e90f73cca0afad97d70a02631a4cc8e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jun 2022 18:19:51 +0200 Subject: [PATCH 009/483] Fix naming confusion with opaque key derivation "key_derivation_derive_key" should have been "key_derivation_output_key". Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index fa3f1d1698..ae84987de3 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -318,7 +318,7 @@ A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. @@ -427,7 +427,7 @@ At the time of writing, no standard key derivation algorithm has long inputs. It #### Key derivation driver operation capacity -The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` [cooked key types](#transparent-cooked-key-derivation), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support [`"key_derivation_output_key"`](#key-derivation-driver-outputs), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: ``` From 5205fb42a1c6a0eb162d7673a1efaca2f7a1cd30 Mon Sep 17 00:00:00 2001 From: Simon Date: Mon, 5 Sep 2022 23:15:07 +0200 Subject: [PATCH 010/483] Update mps_common.h Signed-off-by: Simon --- library/mps_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/mps_common.h b/library/mps_common.h index 668876ccfc..a2aee43af9 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -169,7 +169,7 @@ * */ typedef size_t mbedtls_mps_stored_size_t; -#define MBEDTLS_MPS_STORED_SIZE_MAX ( (mbedtls_mps_stored_size_t) -1 ) +#define MBEDTLS_MPS_STORED_SIZE_MAX (SIZE_MAX) /** \brief The type of buffer sizes and offsets used in the MPS API * and implementation. @@ -183,7 +183,7 @@ typedef size_t mbedtls_mps_stored_size_t; * so almost 10%. */ typedef size_t mbedtls_mps_size_t; -#define MBEDTLS_MPS_SIZE_MAX ( (mbedtls_mps_size_t) -1 ) +#define MBEDTLS_MPS_SIZE_MAX (SIZE_MAX) #if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX #error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t." From 2ca343796d36e3350077eec10400e8aebec17c1b Mon Sep 17 00:00:00 2001 From: Alexey Tsvetkov Date: Tue, 7 Jun 2022 10:21:05 +0300 Subject: [PATCH 011/483] Add const to move variables to .rodata section Signed-off-by: Dave Rodgman --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index af65e6d866..1e1d0e570b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4348,7 +4348,7 @@ static uint16_t ssl_preset_default_groups[] = { MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; -static int ssl_preset_suiteb_ciphersuites[] = { +static const int ssl_preset_suiteb_ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 0 From 18e76e7eefd484c5f14d64beaeee98d70b12cee9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Oct 2022 14:43:13 +0200 Subject: [PATCH 012/483] typo Signed-off-by: Gilles Peskine --- docs/architecture/psa-crypto-implementation-structure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index e7282381e1..3fe074f352 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -112,7 +112,7 @@ If a mechanism requires new functions, they should follow the design guidelines Functions that are part of the current or upcoming API are declared in `include/psa/crypto.h`, apart from structure accessors defined in `include/psa/crypto_struct.h`. Functions that have output buffers have associated sufficient-output-size macros in `include/psa/crypto_sizes.h`. -Constants (algorithm identifiers, key type identifiers, etc.) and associated desctructor macros (e.g. `PSA_IS_xxx()`) are defined in `include/psa/crypto_values.h`. +Constants (algorithm identifiers, key type identifiers, etc.) and associated destructor macros (e.g. `PSA_IS_xxx()`) are defined in `include/psa/crypto_values.h`. Functions and macros that are not intended for standardization, or that are at a stage where the draft standard might still evolve significantly, are declared in `include/psa/crypto_extra.h`. From ea3d93354b089166896adf31117fbfdc0fb94fad Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 7 Dec 2022 06:19:49 +0000 Subject: [PATCH 013/483] Remove useless debug log of pk type from test cases Signed-off-by: Xiaokang Qian --- tests/ssl-opt.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1fe8baeb65..c8b4207972 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11727,8 +11727,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - ope -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" \ - -C "unknown pk type" + -c "no suitable signature algorithm" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -11745,8 +11744,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" \ - -C "unknown pk type" + -c "no suitable signature algorithm" # Test using an opaque private key for client authentication requires_openssl_tls1_3 @@ -11999,8 +11997,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" \ - -C "unkown pk type" + -c "no suitable signature algorithm" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -12018,8 +12015,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "no suitable signature algorithm" \ - -C "unkown pk type" + -c "no suitable signature algorithm" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C From eda71ce5356c67beeb03e06bd898323fdead19cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:32:56 +0100 Subject: [PATCH 014/483] Key derivation: improve overview of the problem space Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index ae84987de3..be09f0d167 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -299,7 +299,12 @@ TODO ### Driver entry points for key derivation -Key derivation is more complex than other multipart operations due to the multiplicity of inputs and outputs, to the fact that multiple drivers can be involved (key agreement and subsequent key derivation accelerator, opaque driver for the secret key and for derived keys), and because the involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). +Key derivation is more complex than other multipart operations for several reasons: + +* There are multiple of inputs and outputs. +* Multiple drivers can be involved. This happens when an operation combines a key agreement and a subsequent symmetric key derivation, each of which can have independent drivers. This also happens when deriving an asymmetric key, where processing the secret input and generating the key output might involve different drivers. +* When multiple drivers are involved, they are not always independent: if the secret input is managed by an opaque driver, it might not allow the core to retrieve the intermediate output and pass it to another driver. +* The involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). #### Key derivation driver dispatch logic From 4e346bd569308481bbf56136e300a7f7381bf3b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:33:22 +0100 Subject: [PATCH 015/483] Fix entry point name Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index be09f0d167..bc7e57a395 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -324,7 +324,7 @@ A key derivation driver has the following entry points: * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: From 635b779cfd238c4300c4f7d5d6d5636d54cb0dfd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:33:44 +0100 Subject: [PATCH 016/483] Fix math character used in text mode Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index bc7e57a395..d4b5542c42 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -524,7 +524,7 @@ The core calls the `"derive_key"` entry point in a loop until it returns a statu For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: * `PSA_KEY_TYPE_DES`: the length of the key. -* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: *m* bytes, where the bit-size of the key *n* satisfies *m*-1 < 8×*n* ≤ *m*. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $m-1 < 8 n \le m$. * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. From fd094081e1fe702dbfdbe84cc8a63c0bd27f72a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Jan 2023 20:24:17 +0100 Subject: [PATCH 017/483] Pass attributes alongside key buffer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the generic way of going adapting a psa_key_id_t argument in the application interface to the driver interface. Thanks Hannes Lindström. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index d4b5542c42..faa0ec369f 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -379,6 +379,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( psa_status_t psa_crypto_driver_key_derivation_get_input_key( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, + const psa_key_attributes_t *attributes, uint8_t** p_key_buffer, size_t *key_buffer_size); psa_status_t psa_crypto_driver_key_derivation_get_input_integer( const psa_crypto_driver_key_derivation_inputs_t *inputs, From f7a824b961699c9995bf8af5d02d95f5fc9138d7 Mon Sep 17 00:00:00 2001 From: oberon-sk Date: Wed, 15 Feb 2023 19:43:30 +0100 Subject: [PATCH 018/483] Add check, if the algorithm supports psa_sign_hash() before running the test. Signed-off-by: Stephan Koch --- tests/src/psa_exercise_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index ecd1ec4cd0..950136da73 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -295,7 +295,8 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) { + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && + PSA_ALG_IS_SIGN_HASH(alg)) { unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; From 92337c0e620d2162e6fb7f0dbaec286670beefc2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 18 Jan 2023 18:40:49 +0000 Subject: [PATCH 019/483] Add function to parse an OID from a string Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 14 ++++ library/oid.c | 164 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index a592e63c4f..1284aa9294 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -466,6 +466,20 @@ typedef struct mbedtls_oid_descriptor_t { */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +/** + * \brief Translate a string containing a numeric representation + * of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * + * \param buf buffer to put representation in + * \param size size of the buffer + * \param oid OID to translate + * + * \return Length of the string written (excluding final NULL) or + * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *buf, size_t size); + /** * \brief Translate an X.509 extension OID into local values * diff --git a/library/oid.c b/library/oid.c index 86214b23a0..9b8bef6dec 100644 --- a/library/oid.c +++ b/library/oid.c @@ -895,4 +895,168 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, return (int) (size - n); } +static int oid_parse_number(const char **p, const char *bound) +{ + int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + int num = 0; + while (*p < bound && **p >= '0' && **p <= '9') { + ret = 0; + if (num > (INT_MAX / 10)) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + num *= 10; + num += **p - '0'; + (*p)++; + } + if (ret != 0) { + return ret; + } else { + return num; + } +} + +static size_t oid_subidentifier_num_bytes(unsigned int value) +{ + size_t num_bytes = 1; + value >>= 7; + while (value != 0) { + num_bytes++; + value >>= 7; + } + return num_bytes; +} + +static int oid_subidentifier_encode_into(unsigned char **p, + unsigned char *bound, + unsigned int value) +{ + size_t num_bytes = oid_subidentifier_num_bytes(value); + if ((size_t) (bound - *p) < num_bytes) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); + value >>= 7; + + for (size_t i = 2; i <= num_bytes; i++) { + (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); + value >>= 7; + } + *p += num_bytes; + + return 0; +} + +/* Return the OID for the given x.y.z.... style numeric string */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, + const char *buf, size_t size) +{ + int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + + const char *str_ptr = buf; + const char *str_bound = buf + size; + int val = 0; + size_t encoded_len; + + int component1 = oid_parse_number(&str_ptr, str_bound); + if (component1 < 0) { + return component1; + } + if (component1 > 2) { + /* First component can't be > 2 */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + if (str_ptr >= str_bound || *str_ptr != '.') { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + str_ptr++; + + int component2 = oid_parse_number(&str_ptr, str_bound); + if (component2 < 0) { + return component2; + } + if ((component1 < 2) && (component2 > 38)) { + /* Root nodes 0 and 1 may have up to 39 children */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + if (str_ptr < str_bound && *str_ptr != '\0') { + if (*str_ptr == '.') { + str_ptr++; + } else { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + if ((UINT_MAX - (unsigned int) component2) <= + ((unsigned int) component1 * 40)) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) + + (unsigned int) component2); + + while (str_ptr < str_bound && *str_ptr != '\0') { + val = oid_parse_number(&str_ptr, str_bound); + if (val < 0) { + return val; + } + if (str_ptr < str_bound && *str_ptr != '\0') { + if (*str_ptr == '.') { + str_ptr++; + } else { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + size_t num_bytes = oid_subidentifier_num_bytes(val); + if ((SIZE_MAX - encoded_len) <= num_bytes) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + encoded_len += num_bytes; + } + + oid->p = mbedtls_calloc(encoded_len, sizeof(unsigned char)); + if (oid->p == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + oid->len = encoded_len; + + /* Now that we've allocated the buffer, go back to the start and encode */ + str_ptr = buf; + unsigned char *out_ptr = oid->p; + unsigned char *out_bound = oid->p + oid->len; + + /* No need to do validation this time, as we did it on the first pass */ + component1 = oid_parse_number(&str_ptr, str_bound); + /* Skip past the '.' */ + str_ptr++; + component2 = oid_parse_number(&str_ptr, str_bound); + /* Skip past the '.' */ + str_ptr++; + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, + (component1 * 40) + component2); + if (ret != 0) { + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; + } + while (str_ptr < str_bound && *str_ptr != '\0') { + val = oid_parse_number(&str_ptr, str_bound); + if (str_ptr < str_bound && *str_ptr == '.') { + /* Skip past the '.' */ + str_ptr++; + } + + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); + if (ret != 0) { + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; + } + } + oid->tag = MBEDTLS_ASN1_OID; + + return 0; +} + #endif /* MBEDTLS_OID_C */ From 0f852c92772e28fb04fc184c62015c223e530e4e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 15 Feb 2023 11:09:10 +0000 Subject: [PATCH 020/483] Add tests for OID parsing from string Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 12 ++++++++++++ tests/suites/test_suite_oid.function | 26 ++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index b9fa6543d9..9e47ef42a0 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -119,3 +119,15 @@ oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID get numeric string - overlong encoding, second subidentifier oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - hardware module name +oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804" + +OID from numeric string - multi-byte subidentifier +oid_from_numeric_string:"1.1.2108":0:"29903C" + +OID from numeric string - second component greater than 39 +oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" + +OID from numeric string - multi-byte first subidentifier +oid_from_numeric_string:"2.999":0:"8837" diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 3004b65fe1..329bd8b486 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -117,3 +117,29 @@ void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) } } /* END_CASE */ + +/* BEGIN_CASE */ +void oid_from_numeric_string(char *oid_str, int error_ret, + data_t *exp_oid_buf) +{ + mbedtls_asn1_buf oid = { 0, 0, NULL }; + mbedtls_asn1_buf exp_oid = { 0, 0, NULL }; + int ret; + + exp_oid.tag = MBEDTLS_ASN1_OID; + exp_oid.p = exp_oid_buf->x; + exp_oid.len = exp_oid_buf->len; + + ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str)); + + if (error_ret == 0) { + TEST_EQUAL(oid.len, exp_oid.len); + TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0); + mbedtls_free(oid.p); + oid.p = NULL; + oid.len = 0; + } else { + TEST_EQUAL(ret, error_ret); + } +} +/* END_CASE */ From 18ec9d7da120cbd7d916483de69961b6dca41c48 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 17:18:45 +0000 Subject: [PATCH 021/483] Change some error codes to be more accurate Signed-off-by: David Horstmann --- library/oid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/oid.c b/library/oid.c index 9b8bef6dec..996b5419ed 100644 --- a/library/oid.c +++ b/library/oid.c @@ -902,7 +902,7 @@ static int oid_parse_number(const char **p, const char *bound) while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; if (num > (INT_MAX / 10)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } num *= 10; num += **p - '0'; @@ -988,7 +988,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if ((UINT_MAX - (unsigned int) component2) <= ((unsigned int) component1 * 40)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) + (unsigned int) component2); @@ -1008,7 +1008,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t num_bytes = oid_subidentifier_num_bytes(val); if ((SIZE_MAX - encoded_len) <= num_bytes) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } encoded_len += num_bytes; } From 03329970dec32c99d40e3129bd998022e49493c7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 17:28:36 +0000 Subject: [PATCH 022/483] Correct error in processing of second component Root nodes 0 and 1 may have up to 40 children (0 - 39), not 39 children (0 - 38) as previously thought. Signed-off-by: David Horstmann --- library/oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 996b5419ed..06127c26e8 100644 --- a/library/oid.c +++ b/library/oid.c @@ -974,8 +974,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if (component2 < 0) { return component2; } - if ((component1 < 2) && (component2 > 38)) { - /* Root nodes 0 and 1 may have up to 39 children */ + if ((component1 < 2) && (component2 > 39)) { + /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ return MBEDTLS_ERR_ASN1_INVALID_DATA; } if (str_ptr < str_bound && *str_ptr != '\0') { From 59400ffed5562cc64b6ea1fb373834e3a1e817e4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 15:27:16 +0000 Subject: [PATCH 023/483] Improve header docs and rename parameter Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 17 +++++++++++------ library/oid.c | 8 ++++---- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 1284aa9294..49f4af5208 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -470,15 +470,20 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * \brief Translate a string containing a numeric representation * of an ASN.1 OID into its encoded form * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * On success, this function allocates oid->buf from the + * heap. It must be free'd by the caller. * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate + * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid_str string representation of the OID to parse + * \param size length of the OID string * - * \return Length of the string written (excluding final NULL) or - * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + * \return 0 if successful + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if oid_str does not + * represent a valid OID + * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to + * allocate oid->buf */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *buf, size_t size); +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); /** * \brief Translate an X.509 extension OID into local values diff --git a/library/oid.c b/library/oid.c index 06127c26e8..6c62b949b9 100644 --- a/library/oid.c +++ b/library/oid.c @@ -948,12 +948,12 @@ static int oid_subidentifier_encode_into(unsigned char **p, /* Return the OID for the given x.y.z.... style numeric string */ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, - const char *buf, size_t size) + const char *oid_str, size_t size) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = buf; - const char *str_bound = buf + size; + const char *str_ptr = oid_str; + const char *str_bound = oid_str + size; int val = 0; size_t encoded_len; @@ -1020,7 +1020,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, oid->len = encoded_len; /* Now that we've allocated the buffer, go back to the start and encode */ - str_ptr = buf; + str_ptr = oid_str; unsigned char *out_ptr = oid->p; unsigned char *out_bound = oid->p + oid->len; From 0f4ee418d8f4a7b9e46eb953f29a8e07d2f854e0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:17:41 +0000 Subject: [PATCH 024/483] Use return for errors only in oid_parse_number() Signed-off-by: David Horstmann --- library/oid.c | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/library/oid.c b/library/oid.c index 6c62b949b9..91f6da6e5d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -895,24 +895,20 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, return (int) (size - n); } -static int oid_parse_number(const char **p, const char *bound) +static int oid_parse_number(unsigned int *num, const char **p, const char *bound) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - int num = 0; + *num = 0; while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; - if (num > (INT_MAX / 10)) { + if (*num > (INT_MAX / 10)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - num *= 10; - num += **p - '0'; + *num *= 10; + *num += **p - '0'; (*p)++; } - if (ret != 0) { - return ret; - } else { - return num; - } + return ret; } static size_t oid_subidentifier_num_bytes(unsigned int value) @@ -956,10 +952,11 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_bound = oid_str + size; int val = 0; size_t encoded_len; + unsigned int component1, component2; - int component1 = oid_parse_number(&str_ptr, str_bound); - if (component1 < 0) { - return component1; + ret = oid_parse_number(&component1, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if (component1 > 2) { /* First component can't be > 2 */ @@ -970,9 +967,9 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } str_ptr++; - int component2 = oid_parse_number(&str_ptr, str_bound); - if (component2 < 0) { - return component2; + ret = oid_parse_number(&component2, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if ((component1 < 2) && (component2 > 39)) { /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ @@ -986,17 +983,15 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - if ((UINT_MAX - (unsigned int) component2) <= - ((unsigned int) component1 * 40)) { + if ((UINT_MAX - component2) <= (component1 * 40)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) - + (unsigned int) component2); + encoded_len = oid_subidentifier_num_bytes((component1 * 40) + component2); while (str_ptr < str_bound && *str_ptr != '\0') { - val = oid_parse_number(&str_ptr, str_bound); - if (val < 0) { - return val; + oid_parse_number(&val, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { @@ -1025,10 +1020,10 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned char *out_bound = oid->p + oid->len; /* No need to do validation this time, as we did it on the first pass */ - component1 = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&component1, &str_ptr, str_bound); /* Skip past the '.' */ str_ptr++; - component2 = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&component2, &str_ptr, str_bound); /* Skip past the '.' */ str_ptr++; ret = oid_subidentifier_encode_into(&out_ptr, out_bound, @@ -1040,7 +1035,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, return ret; } while (str_ptr < str_bound && *str_ptr != '\0') { - val = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&val, &str_ptr, str_bound); if (str_ptr < str_bound && *str_ptr == '.') { /* Skip past the '.' */ str_ptr++; From 7cdfda12da9619e68e15c8516654c8018f4463f3 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:20:52 +0000 Subject: [PATCH 025/483] Fixup: Correct signedness of val local variable Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 91f6da6e5d..3b5b31a5ee 100644 --- a/library/oid.c +++ b/library/oid.c @@ -950,7 +950,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_ptr = oid_str; const char *str_bound = oid_str + size; - int val = 0; + unsigned int val = 0; size_t encoded_len; unsigned int component1, component2; From 89d67bd472dec4aff1b770004da3a488ac749051 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:24:38 +0000 Subject: [PATCH 026/483] Remove superfluous sizeof(unsigned char) Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 3b5b31a5ee..103199012c 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1008,7 +1008,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, encoded_len += num_bytes; } - oid->p = mbedtls_calloc(encoded_len, sizeof(unsigned char)); + oid->p = mbedtls_calloc(encoded_len, 1); if (oid->p == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; } From 376e8df9d6098539c7ece0bbbce99214f1d5b412 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:33:40 +0000 Subject: [PATCH 027/483] Clarify structure of parsing with comments: 1. Parse through to get the required buffer length. 2. Having allocated a buffer, parse into the buffer. Signed-off-by: David Horstmann --- library/oid.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 103199012c..811d343248 100644 --- a/library/oid.c +++ b/library/oid.c @@ -954,6 +954,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t encoded_len; unsigned int component1, component2; + /* First pass - parse the string to get the length of buffer required */ + ret = oid_parse_number(&component1, &str_ptr, str_bound); if (ret != 0) { return ret; @@ -1014,7 +1016,9 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } oid->len = encoded_len; - /* Now that we've allocated the buffer, go back to the start and encode */ + /* Second pass - now that we've allocated the buffer, go back to the + * start and encode */ + str_ptr = oid_str; unsigned char *out_ptr = oid->p; unsigned char *out_bound = oid->p + oid->len; From e91cbcfb2cbc66705e0b7bc9058ca332b89d8d28 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 17:19:45 +0000 Subject: [PATCH 028/483] Add negative test cases for OID parsing Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 9e47ef42a0..d4a7dea21d 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -131,3 +131,30 @@ oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" OID from numeric string - multi-byte first subidentifier oid_from_numeric_string:"2.999":0:"8837" + +OID from numeric string - empty string input +oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component not a number +oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - second component not a number +oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component too large +oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component < 2, second > 39 +oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - third component not a number +oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between first and second +oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between second and third +oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between third and fourth +oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From ce16474d9119cdef01aa6bda53d0210d0821b853 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Feb 2023 13:50:48 +0000 Subject: [PATCH 029/483] Correct INT_MAX overflow check to UINT_MAX Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 811d343248..3c27bfc732 100644 --- a/library/oid.c +++ b/library/oid.c @@ -901,7 +901,7 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound *num = 0; while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; - if (*num > (INT_MAX / 10)) { + if (*num > (UINT_MAX / 10)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } *num *= 10; From 099be74d28edd04dff9753751c2f0f6a5cdeb9fe Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Feb 2023 13:51:43 +0000 Subject: [PATCH 030/483] Change free'd to freed for consistency Also clarify that the user must use mbedtls_free(). Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 49f4af5208..b2f5dd196b 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -471,7 +471,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * of an ASN.1 OID into its encoded form * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") * On success, this function allocates oid->buf from the - * heap. It must be free'd by the caller. + * heap. It must be freed by the caller using mbedtls_free(). * * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID * \param oid_str string representation of the OID to parse From a41954d0cf328c91ffaf413eebea94bfc3f8d762 Mon Sep 17 00:00:00 2001 From: toth92g Date: Fri, 12 Feb 2021 16:11:17 +0100 Subject: [PATCH 031/483] Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags. Signed-off-by: toth92g --- include/mbedtls/x509.h | 11 + include/mbedtls/x509_crt.h | 2 + library/oid.c | 12 +- library/x509_crt.c | 244 +++++++++++++++++- .../authorityKeyId_subjectKeyId.crt | 21 ++ ...ubjectKeyId_wrong_AuthorityKeyId_KeyId.crt | 3 + ...ectKeyId_wrong_AuthorityKeyId_Sequence.crt | 3 + ...horityKeyId_subjectKeyId_wrong_Issuer1.crt | 3 + ...horityKeyId_subjectKeyId_wrong_Issuer2.crt | 3 + ...horityKeyId_subjectKeyId_wrong_Issuer3.crt | 3 + ...horityKeyId_subjectKeyId_wrong_Issuer4.crt | 3 + ...yKeyId_subjectKeyId_wrong_SubjectKeyId.crt | 3 + tests/suites/test_suite_x509parse.data | 36 +++ tests/suites/test_suite_x509parse.function | 92 +++++++ 14 files changed, 437 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 8dfd1f364c..5a9f2b5d40 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -243,6 +243,17 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name; */ typedef mbedtls_asn1_sequence mbedtls_x509_sequence; +/* + * Container for the fields of the Authority Key Identifier object + */ +typedef struct mbedtls_x509_authority { + mbedtls_x509_buf keyIdentifier; + mbedtls_x509_name authorityCertIssuer; + mbedtls_x509_buf authorityCertSerialNumber; + mbedtls_x509_buf raw; +} +mbedtls_x509_authority; + /** Container for date and time (precision in seconds). */ typedef struct mbedtls_x509_time { int year, mon, day; /**< Date. */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 6c86a6629e..672cdf5a44 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -76,6 +76,8 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */ + mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */ + mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */ mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ diff --git a/library/oid.c b/library/oid.c index 622e793ed5..79bf554565 100644 --- a/library/oid.c +++ b/library/oid.c @@ -319,7 +319,17 @@ static const oid_x509_ext_t oid_x509_ext[] = MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { - NULL_OID_DESCRIPTOR, + { ADD_LEN(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), "id-ce-subjectKeyIdentifier", + "Subject Key Identifier" }, + MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, + }, + { + { ADD_LEN(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), "id-ce-authorityKeyIdentifier", + "Authority Key Identifier" }, + MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, + }, + { + { NULL, 0, NULL, NULL }, 0, }, }; diff --git a/library/x509_crt.c b/library/x509_crt.c index cf62532f28..e7a98dd622 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -586,6 +586,227 @@ static int x509_get_ext_key_usage(unsigned char **p, return 0; } +/* + * SubjectKeyIdentifier ::= KeyIdentifier + * + * KeyIdentifier ::= OCTET STRING + */ +static int x509_get_subject_key_id(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *subject_key_id) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0u; + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return ret; + } else { + subject_key_id->len = len; + subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; + subject_key_id->p = *p; + *p += len; + } + + return 0; +} + +/* + * AuthorityKeyIdentifier ::= SEQUENCE { + * keyIdentifier [0] KeyIdentifier OPTIONAL, + * authorityCertIssuer [1] GeneralNames OPTIONAL, + * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + * + * KeyIdentifier ::= OCTET STRING + */ +static int x509_get_authority_key_id(unsigned char **p, + unsigned char *end, + mbedtls_x509_authority *authority_key_id) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0u; + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { + /* KeyIdentifier is an OPTIONAL field */ + } else { + authority_key_id->keyIdentifier.len = len; + authority_key_id->keyIdentifier.p = *p; + authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; + + *p += len; + } + + if (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_BOOLEAN)) != 0) { + /* authorityCertIssuer is an OPTIONAL field */ + } else { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return ret; + } else { + authority_key_id->raw.p = *p; + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + if ((ret = + mbedtls_x509_get_name(p, *p + len, + &authority_key_id->authorityCertIssuer)) != 0) { + return ret; + } + + authority_key_id->raw.len = *p - authority_key_id->raw.p; + } + } + } + + if (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != + 0) { + /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */ + return ret; + } else { + authority_key_id->authorityCertSerialNumber.len = len; + authority_key_id->authorityCertSerialNumber.p = *p; + authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; + *p += len; + } + } + + if (*p != end) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + return 0; +} + +/* + * SubjectAltName ::= GeneralNames + * + * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + * + * GeneralName ::= CHOICE { + * otherName [0] OtherName, + * rfc822Name [1] IA5String, + * dNSName [2] IA5String, + * x400Address [3] ORAddress, + * directoryName [4] Name, + * ediPartyName [5] EDIPartyName, + * uniformResourceIdentifier [6] IA5String, + * iPAddress [7] OCTET STRING, + * registeredID [8] OBJECT IDENTIFIER } + * + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * EDIPartyName ::= SEQUENCE { + * nameAssigner [0] DirectoryString OPTIONAL, + * partyName [1] DirectoryString } + * + * NOTE: we list all types, but only use dNSName and otherName + * of type HwModuleName, as defined in RFC 4108, at this point. + */ +static int x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len, tag_len; + mbedtls_asn1_buf *buf; + unsigned char tag; + mbedtls_asn1_sequence *cur = subject_alt_name; + + /* Get main sequence tag */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + while (*p < end) { + mbedtls_x509_subject_alternative_name dummy_san_buf; + memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); + + tag = **p; + (*p)++; + if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } + + /* + * Check that the SAN is structured correctly. + */ + ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); + /* + * In case the extension is malformed, return an error, + * and clear the allocated sequences. + */ + if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { + mbedtls_asn1_sequence_free(subject_alt_name->next); + subject_alt_name->next = NULL; + return ret; + } + + /* Allocate and assign next pointer */ + if (cur->buf.p != NULL) { + if (cur->next != NULL) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; + } + + cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); + + if (cur->next == NULL) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_ALLOC_FAILED); + } + + cur = cur->next; + } + + buf = &(cur->buf); + buf->tag = tag; + buf->p = *p; + buf->len = tag_len; + *p += buf->len; + } + + /* Set final sequence entry's next pointer to NULL */ + cur->next = NULL; + + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + return 0; +} + /* * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } * @@ -883,7 +1104,20 @@ static int x509_get_crt_ext(unsigned char **p, return ret; } break; - + case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: + /* Parse subject key identifier */ + if ((ret = x509_get_subject_key_id(p, end_ext_data, + &crt->subject_key_id)) != 0) { + return ret; + } + break; + case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: + /* Parse authority key identifier */ + if ((ret = x509_get_authority_key_id(p, end_ext_octet, + &crt->authority_key_id)) != 0) { + return ret; + } + break; case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: /* Parse subject alt name */ if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, @@ -2838,6 +3072,14 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); + name_cur = cert_cur->authority_key_id.authorityCertIssuer.next; + while (name_cur != NULL) { + name_prv = name_cur; + name_cur = name_cur->next; + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); + } + if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); mbedtls_free(cert_cur->raw.p); diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId.crt new file mode 100644 index 0000000000..c2c9a6300c --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt new file mode 100644 index 0000000000..bc2874100d --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWgAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt new file mode 100644 index 0000000000..6a7d7f7eee --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwAWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt new file mode 100644 index 0000000000..045c570291 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8AP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt new file mode 100644 index 0000000000..a103729420 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hPwA9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt new file mode 100644 index 0000000000..dabad62b22 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9ADsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt new file mode 100644 index 0000000000..55e65799eb --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsACzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt new file mode 100644 index 0000000000..4c99a2f43a --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 685b8596d2..54bad3c65e 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3165,3 +3165,39 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_KEY_USAGE X509 ext types accessor: ext type not present depends_on:MBEDTLS_X509_CRT_PARSE_C x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME + +X509 CRT parse Subject Key Id - Correct +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:0 + +X509 CRT parse Subject Key Id - Wrong +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt":"":0:0xff9e + +X509 CRT parse Authority Key Id - Correct +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:"NL/PolarSSL/PolarSSL Test CA/":"0":1:0 + +X509 CRT parse Authority Key Id - Wrong Sequence +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt":"":0:"":"0":0:0xff9e + +X509 CRT parse Authority Key Id - Wrong KeyId Tag +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt":"":0:"":"0":0:0xff9e + +X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt":"":0:"":"0":0:0xff9e + +X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt":"":0:"":"0":0:0xff9e + +X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt":"":0:"":"0":0:0xff9e + +X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 +depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:0xdc1e diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 177bc97ad3..12b7818ce8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1472,3 +1472,95 @@ exit: ;; } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ +void mbedtls_x509_crt_parse_subjectkeyid(char *crt_path, + char *subjectKeyId, + int subjectKeyIdLength, + int retVal) +{ + mbedtls_x509_crt crt; + int i = 0; + int result = 0; + + mbedtls_x509_crt_init(&crt); + + TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal); + + if (retVal != 0) { + while (i < subjectKeyIdLength) { + result |= crt.subject_key_id.p[i] != subjectKeyId[i*2]; + result |= crt.subject_key_id.p[i+1] != subjectKeyId[i*2+1]; + i++; + } + + TEST_ASSERT(result == 0); + } + +exit: + mbedtls_x509_crt_free(&crt); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ +void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path, + char *authorityKeyId_keyId, + int keyIdLength, + char *authorityKeyId_issuer, + char *authorityKeyId_serial, + int serialLength, + int retVal) +{ + mbedtls_x509_crt crt; + int i = 0; + int result = 0; + int bufferCounter = 0; + size_t issuerCounter = 0; + + mbedtls_x509_crt_init(&crt); + + TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal); + + if (retVal != 0) { + /* KeyId test */ + while (i < keyIdLength) { + result |= crt.authority_key_id.keyIdentifier.p[i] != authorityKeyId_keyId[i*2]; + result |= crt.authority_key_id.keyIdentifier.p[i+1] != authorityKeyId_keyId[i*2+1]; + i++; + } + + /* Issuer test */ + mbedtls_x509_name *issuerPtr = &crt.authority_key_id.authorityCertIssuer; + while (issuerPtr != NULL) { + for (issuerCounter = 0u; issuerCounter < issuerPtr->val.len; issuerCounter++) { + result |= + (authorityKeyId_issuer[bufferCounter++] != issuerPtr->val.p[issuerCounter]); + } + bufferCounter++; /* Skipping the slash */ + issuerPtr = issuerPtr->next; + } + + /* Serial test */ + i = 0; + while (i < serialLength) { + result |= crt.authority_key_id.authorityCertSerialNumber.p[i] != + authorityKeyId_serial[i*2]; + result |= crt.authority_key_id.authorityCertSerialNumber.p[i+1] != + authorityKeyId_serial[i*2+1]; + i++; + } + + TEST_ASSERT(result == 0); + } + +exit: + mbedtls_x509_crt_free(&crt); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ +void x509_selftest() +{ + TEST_ASSERT(mbedtls_x509_self_test(1) == 0); +} +/* END_CASE */ From 27f9e7815cd5df022cc73250793e07b394bc5506 Mon Sep 17 00:00:00 2001 From: toth92g Date: Mon, 22 Feb 2021 13:17:32 +0100 Subject: [PATCH 032/483] Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates Signed-off-by: toth92g --- ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt | 2 ++ programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- tests/data_files/Makefile | 9 +++++++++ tests/data_files/authorityKeyId_subjectKeyId.conf | 9 +++++++++ 5 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt create mode 100644 tests/data_files/authorityKeyId_subjectKeyId.conf diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt new file mode 100644 index 0000000000..cf4c9e9531 --- /dev/null +++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt @@ -0,0 +1,2 @@ +API changes + * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 13edf46d7e..2a9a7fe84e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -41,7 +41,7 @@ int main(void) /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 120000 +#define MEMORY_HEAP_SIZE 180000 #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b2bd8b8ca8..916a581085 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -73,7 +73,7 @@ int main(void) /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 120000 +#define MEMORY_HEAP_SIZE 180000 #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 4228f45822..3a2fca5a18 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -389,6 +389,15 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der +authorityKeyId_subjectKeyId.crt: + $(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' +# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections +# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00 +# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00 +# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00 +# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial) +# Each test inject error to one of these + ################################################################ #### Generate various RSA keys ################################################################ diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf new file mode 100644 index 0000000000..d875c6ffe0 --- /dev/null +++ b/tests/data_files/authorityKeyId_subjectKeyId.conf @@ -0,0 +1,9 @@ +[req] +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no +[req_distinguished_name] +CN = MBEDTLS +[v3_req] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always From 3c2243c6d5bf672def906f19c4105277513bd826 Mon Sep 17 00:00:00 2001 From: toth92g Date: Wed, 10 Mar 2021 13:48:53 +0100 Subject: [PATCH 033/483] Replacing hard-coded literals with macros of the library in the new x509parse tests Signed-off-by: toth92g --- tests/suites/test_suite_x509parse.data | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 54bad3c65e..a4009d6a2f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3172,7 +3172,7 @@ mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt" X509 CRT parse Subject Key Id - Wrong depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt":"":0:0xff9e +mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt":"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C @@ -3180,24 +3180,24 @@ mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.cr X509 CRT parse Authority Key Id - Wrong Sequence depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt":"":0:"":"0":0:0xff9e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt":"":0:"":"0":0:0xff9e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt":"":0:"":"0":0:0xff9e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt":"":0:"":"0":0:0xff9e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt":"":0:"":"0":0:0xff9e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:0xdc1e +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG|MBEDTLS_ERR_X509_INVALID_NAME From 0e2e2d684111e8e9240e438cb4735ab73ea6d7ca Mon Sep 17 00:00:00 2001 From: toth92g Date: Thu, 11 Mar 2021 10:51:06 +0100 Subject: [PATCH 034/483] x509parse tests used only last 16 bits of the return values. They are updated to check the whole 32 bit value Signed-off-by: toth92g --- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509parse.function | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a4009d6a2f..eb31d0c0b6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3200,4 +3200,4 @@ mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wr X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG|MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 12b7818ce8..bdd243f50f 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1485,7 +1485,7 @@ void mbedtls_x509_crt_parse_subjectkeyid(char *crt_path, mbedtls_x509_crt_init(&crt); - TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_path) == retVal); if (retVal != 0) { while (i < subjectKeyIdLength) { @@ -1519,7 +1519,7 @@ void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path, mbedtls_x509_crt_init(&crt); - TEST_ASSERT((mbedtls_x509_crt_parse_file(&crt, crt_path)& 0xFFFF) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_path) == retVal); if (retVal != 0) { /* KeyId test */ From d96027acd25a2f15f5792f5d5b8bac413fa16b57 Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 27 Apr 2021 15:41:25 +0200 Subject: [PATCH 035/483] Correcting documentation issues: - Changelog entry is Feature instead of API Change - Correcting whitespaces around braces - Also adding defensive mechanism to x509_get_subject_key_id to avoid malfunction in case of trailing garbage Signed-off-by: toth92g --- ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt | 5 +++-- library/x509_crt.c | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt index cf4c9e9531..9aa3ff91d1 100644 --- a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt +++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt @@ -1,2 +1,3 @@ -API changes - * x509 certificate parse functionality is extended with the possibility of extracting SignatureKeyId and AuthorityKeyId fields +Features + * When parsing X.509 certificates, support the extensions + SignatureKeyIdentifier and AuthorityKeyIdentifier. diff --git a/library/x509_crt.c b/library/x509_crt.c index e7a98dd622..8cb78e553c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -608,6 +608,11 @@ static int x509_get_subject_key_id(unsigned char **p, *p += len; } + if (*p != end) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + return 0; } From 2d2fb3a5a7508321a4ea64c43ba49ce1bf7c6a24 Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 4 May 2021 11:12:56 +0200 Subject: [PATCH 036/483] Correting findings: Using DER format instead of PEM while testing to minimize the resource usage. Comparation of byte arrays in test are now done via the dedicated ASSERT_COMPARE test macro for better understanding Signed-off-by: toth92g --- tests/suites/test_suite_x509parse.data | 20 +++++----- tests/suites/test_suite_x509parse.function | 43 ++++++++-------------- 2 files changed, 26 insertions(+), 37 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index eb31d0c0b6..b721b70f2a 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3168,36 +3168,36 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_ X509 CRT parse Subject Key Id - Correct depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:0 +mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:0 -X509 CRT parse Subject Key Id - Wrong +X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt":"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:"NL/PolarSSL/PolarSSL Test CA/":"0":1:0 +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:"NL/PolarSSL/PolarSSL Test CA/":"0":1:0 X509 CRT parse Authority Key Id - Wrong Sequence depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index bdd243f50f..07ac4cfab4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1474,27 +1474,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ -void mbedtls_x509_crt_parse_subjectkeyid(char *crt_path, +void mbedtls_x509_crt_parse_subjectkeyid(data_t *buf, char *subjectKeyId, int subjectKeyIdLength, int retVal) { mbedtls_x509_crt crt; - int i = 0; - int result = 0; mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_path) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == retVal); if (retVal != 0) { - while (i < subjectKeyIdLength) { - result |= crt.subject_key_id.p[i] != subjectKeyId[i*2]; - result |= crt.subject_key_id.p[i+1] != subjectKeyId[i*2+1]; - i++; - } - - TEST_ASSERT(result == 0); + ASSERT_COMPARE(crt.subject_key_id.p, + (int) crt.subject_key_id.len, + subjectKeyId, + subjectKeyIdLength); } exit: @@ -1503,7 +1498,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ -void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path, +void mbedtls_x509_crt_parse_authoritykeyid(data_t *buf, char *authorityKeyId_keyId, int keyIdLength, char *authorityKeyId_issuer, @@ -1512,22 +1507,20 @@ void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path, int retVal) { mbedtls_x509_crt crt; - int i = 0; int result = 0; int bufferCounter = 0; size_t issuerCounter = 0; mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_path) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == retVal); if (retVal != 0) { /* KeyId test */ - while (i < keyIdLength) { - result |= crt.authority_key_id.keyIdentifier.p[i] != authorityKeyId_keyId[i*2]; - result |= crt.authority_key_id.keyIdentifier.p[i+1] != authorityKeyId_keyId[i*2+1]; - i++; - } + ASSERT_COMPARE(crt.authority_key_id.keyIdentifier.p, + (int) crt.authority_key_id.keyIdentifier.len, + authorityKeyId_keyId, + keyIdLength); /* Issuer test */ mbedtls_x509_name *issuerPtr = &crt.authority_key_id.authorityCertIssuer; @@ -1541,14 +1534,10 @@ void mbedtls_x509_crt_parse_authoritykeyid(char *crt_path, } /* Serial test */ - i = 0; - while (i < serialLength) { - result |= crt.authority_key_id.authorityCertSerialNumber.p[i] != - authorityKeyId_serial[i*2]; - result |= crt.authority_key_id.authorityCertSerialNumber.p[i+1] != - authorityKeyId_serial[i*2+1]; - i++; - } + ASSERT_COMPARE(crt.authority_key_id.authorityCertSerialNumber.p, + (int) crt.authority_key_id.authorityCertSerialNumber.len, + authorityKeyId_serial, + serialLength); TEST_ASSERT(result == 0); } From 357b297b16973e269925a45c1a9a97f80f705cbf Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 4 May 2021 15:41:35 +0200 Subject: [PATCH 037/483] Correcting tests: - Wrong condition was checked (ref_ret != 0 instead of ref_ret == 0) - tags were not checked (nor lengths) - Using ASSERT_COMPARE where possible Signed-off-by: toth92g --- tests/suites/test_suite_x509parse.data | 24 +++++----- tests/suites/test_suite_x509parse.function | 52 +++++++++++----------- 2 files changed, 37 insertions(+), 39 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b721b70f2a..087269c868 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3166,38 +3166,38 @@ X509 ext types accessor: ext type not present depends_on:MBEDTLS_X509_CRT_PARSE_C x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME -X509 CRT parse Subject Key Id - Correct +X509 CRT parse Subject Key Id - Correct Subject Key ID depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:0 +mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -X509 CRT parse Authority Key Id - Correct +X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF":20:"NL/PolarSSL/PolarSSL Test CA/":"0":1:0 +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 -X509 CRT parse Authority Key Id - Wrong Sequence +X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":"":0:"":"0":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 07ac4cfab4..5b59be3b3a 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1474,22 +1474,20 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ -void mbedtls_x509_crt_parse_subjectkeyid(data_t *buf, - char *subjectKeyId, - int subjectKeyIdLength, - int retVal) +void mbedtls_x509_crt_parse_subjectkeyid(data_t *buf, unsigned int subjectKeyIdLength, int ref_ret) { mbedtls_x509_crt crt; mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret); - if (retVal != 0) { - ASSERT_COMPARE(crt.subject_key_id.p, - (int) crt.subject_key_id.len, - subjectKeyId, - subjectKeyIdLength); + if (ref_ret == 0) { + TEST_ASSERT(crt.subject_key_id.tag == MBEDTLS_ASN1_OCTET_STRING); + TEST_ASSERT(crt.subject_key_id.len == subjectKeyIdLength); + } else { + TEST_ASSERT(crt.subject_key_id.tag == 0); + TEST_ASSERT(crt.subject_key_id.len == 0); } exit: @@ -1499,28 +1497,24 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ void mbedtls_x509_crt_parse_authoritykeyid(data_t *buf, - char *authorityKeyId_keyId, - int keyIdLength, + unsigned int keyIdLength, char *authorityKeyId_issuer, - char *authorityKeyId_serial, - int serialLength, - int retVal) + unsigned int serialLength, + int ref_ret) { mbedtls_x509_crt crt; - int result = 0; int bufferCounter = 0; size_t issuerCounter = 0; + unsigned int result = 0; mbedtls_x509_crt_init(&crt); - TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == retVal); + TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == ref_ret); - if (retVal != 0) { + if (ref_ret == 0) { /* KeyId test */ - ASSERT_COMPARE(crt.authority_key_id.keyIdentifier.p, - (int) crt.authority_key_id.keyIdentifier.len, - authorityKeyId_keyId, - keyIdLength); + TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == MBEDTLS_ASN1_OCTET_STRING); + TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyIdLength); /* Issuer test */ mbedtls_x509_name *issuerPtr = &crt.authority_key_id.authorityCertIssuer; @@ -1532,14 +1526,18 @@ void mbedtls_x509_crt_parse_authoritykeyid(data_t *buf, bufferCounter++; /* Skipping the slash */ issuerPtr = issuerPtr->next; } + TEST_ASSERT(result == 0); /* Serial test */ - ASSERT_COMPARE(crt.authority_key_id.authorityCertSerialNumber.p, - (int) crt.authority_key_id.authorityCertSerialNumber.len, - authorityKeyId_serial, - serialLength); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == + MBEDTLS_ASN1_OCTET_STRING); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serialLength); + } else { + TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); + TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == 0); - TEST_ASSERT(result == 0); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == 0); + TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == 0); } exit: From 5042b104c23d1eb4e952c5bad859a2135c48e425 Mon Sep 17 00:00:00 2001 From: toth92g Date: Thu, 6 May 2021 08:22:17 +0200 Subject: [PATCH 038/483] - Removing obsolete test files (DER strings are used instead of them to minimize resource usage) - Renaming test functions to match the naming conventions Signed-off-by: toth92g --- .../authorityKeyId_subjectKeyId.conf | 9 -------- .../authorityKeyId_subjectKeyId.crt | 21 ------------------- ...ubjectKeyId_wrong_AuthorityKeyId_KeyId.crt | 3 --- ...ectKeyId_wrong_AuthorityKeyId_Sequence.crt | 3 --- ...horityKeyId_subjectKeyId_wrong_Issuer1.crt | 3 --- ...horityKeyId_subjectKeyId_wrong_Issuer2.crt | 3 --- ...horityKeyId_subjectKeyId_wrong_Issuer3.crt | 3 --- ...horityKeyId_subjectKeyId_wrong_Issuer4.crt | 3 --- ...yKeyId_subjectKeyId_wrong_SubjectKeyId.crt | 3 --- tests/suites/test_suite_x509parse.data | 18 ++++++++-------- tests/suites/test_suite_x509parse.function | 12 +++++------ 11 files changed, 15 insertions(+), 66 deletions(-) delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId.conf delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt delete mode 100644 tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf deleted file mode 100644 index d875c6ffe0..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId.conf +++ /dev/null @@ -1,9 +0,0 @@ -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = MBEDTLS -[v3_req] -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId.crt deleted file mode 100644 index c2c9a6300c..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx -mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny -50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n -YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL -R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu -KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt deleted file mode 100644 index bc2874100d..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWgAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt deleted file mode 100644 index 6a7d7f7eee..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwAWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt deleted file mode 100644 index 045c570291..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer1.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8AP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt deleted file mode 100644 index a103729420..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer2.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hPwA9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt deleted file mode 100644 index dabad62b22..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer3.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9ADsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt deleted file mode 100644 index 55e65799eb..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_Issuer4.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsACzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt b/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt deleted file mode 100644 index 4c99a2f43a..0000000000 --- a/tests/data_files/authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHxmdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8nYMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnLR7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsuKNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGjgZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJSsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8HDBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkFpjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkfm/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== ------END CERTIFICATE----- \ No newline at end of file diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 087269c868..1480f946dc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3168,36 +3168,36 @@ x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_ X509 CRT parse Subject Key Id - Correct Subject Key ID depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0 +x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -mbedtls_x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 5b59be3b3a..2dab7ef2ef 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1474,7 +1474,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ -void mbedtls_x509_crt_parse_subjectkeyid(data_t *buf, unsigned int subjectKeyIdLength, int ref_ret) +void x509_crt_parse_subjectkeyid(data_t *buf, unsigned int subjectKeyIdLength, int ref_ret) { mbedtls_x509_crt crt; @@ -1496,11 +1496,11 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ -void mbedtls_x509_crt_parse_authoritykeyid(data_t *buf, - unsigned int keyIdLength, - char *authorityKeyId_issuer, - unsigned int serialLength, - int ref_ret) +void x509_crt_parse_authoritykeyid(data_t *buf, + unsigned int keyIdLength, + char *authorityKeyId_issuer, + unsigned int serialLength, + int ref_ret) { mbedtls_x509_crt crt; int bufferCounter = 0; From 8d435a0c8b080e3d1c8fa2533d299cab818f65d1 Mon Sep 17 00:00:00 2001 From: toth92g Date: Mon, 10 May 2021 15:16:33 +0200 Subject: [PATCH 039/483] Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. Also updated the x509_get_general_names function to be able to parse rfc822Names Test are also updated according these changes. Signed-off-by: toth92g --- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crt.h | 30 ++ library/x509_crt.c | 439 ++++++++++++++++----- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509parse.function | 9 +- 5 files changed, 375 insertions(+), 107 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 5a9f2b5d40..ed9ae63a75 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -248,7 +248,7 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence; */ typedef struct mbedtls_x509_authority { mbedtls_x509_buf keyIdentifier; - mbedtls_x509_name authorityCertIssuer; + mbedtls_x509_sequence authorityCertIssuer; mbedtls_x509_buf authorityCertSerialNumber; mbedtls_x509_buf raw; } diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 672cdf5a44..42ae671a57 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -561,6 +561,36 @@ int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); #endif /* MBEDTLS_FS_IO */ +/** + * \brief This function parses an item in the SubjectAlternativeNames + * extension. + * + * \param san_buf The buffer holding the raw data item of the subject + * alternative name. + * \param san The target structure to populate with the parsed presentation + * of the subject alternative name encoded in \p san_raw. + * + * \note Only "dnsName" and "otherName" and "rfc822Name" of type hardware_module_name + * as defined in RFC 4180 is supported. + * + * \note This function should be called on a single raw data of + * subject alternative name. For example, after successful + * certificate parsing, one must iterate on every item in the + * \p crt->subject_alt_names sequence, and pass it to + * this function. + * + * \warning The target structure contains pointers to the raw data of the + * parsed certificate, and its lifetime is restricted by the + * lifetime of the certificate. + * + * \return \c 0 on success + * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported + * SAN type. + * \return Another negative value for any other failure. + */ +int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san); + #if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the diff --git a/library/x509_crt.c b/library/x509_crt.c index 8cb78e553c..d9318b8322 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -617,92 +617,6 @@ static int x509_get_subject_key_id(unsigned char **p, } /* - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - */ -static int x509_get_authority_key_id(unsigned char **p, - unsigned char *end, - mbedtls_x509_authority *authority_key_id) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0u; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { - /* KeyIdentifier is an OPTIONAL field */ - } else { - authority_key_id->keyIdentifier.len = len; - authority_key_id->keyIdentifier.p = *p; - authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; - - *p += len; - } - - if (*p < end) { - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_BOOLEAN)) != 0) { - /* authorityCertIssuer is an OPTIONAL field */ - } else { - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return ret; - } else { - authority_key_id->raw.p = *p; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - if ((ret = - mbedtls_x509_get_name(p, *p + len, - &authority_key_id->authorityCertIssuer)) != 0) { - return ret; - } - - authority_key_id->raw.len = *p - authority_key_id->raw.p; - } - } - } - - if (*p < end) { - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != - 0) { - /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */ - return ret; - } else { - authority_key_id->authorityCertSerialNumber.len = len; - authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; - *p += len; - } - } - - if (*p != end) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - - return 0; -} - -/* - * SubjectAltName ::= GeneralNames - * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * * GeneralName ::= CHOICE { @@ -727,9 +641,9 @@ static int x509_get_authority_key_id(unsigned char **p, * NOTE: we list all types, but only use dNSName and otherName * of type HwModuleName, as defined in RFC 4108, at this point. */ -static int x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) +static int x509_get_general_names(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, tag_len; @@ -758,16 +672,20 @@ static int x509_get_subject_alt_name(unsigned char **p, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } + /* Tag shall be CONTEXT_SPECIFIC or SET */ if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != MBEDTLS_ASN1_CONTEXT_SPECIFIC) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + if ((tag & (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != + (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + } } /* * Check that the SAN is structured correctly. */ - ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); + ret = mbedtls_x509_parse_general_name(&(cur->buf), &dummy_san_buf); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. @@ -812,6 +730,78 @@ static int x509_get_subject_alt_name(unsigned char **p, return 0; } +/* + * AuthorityKeyIdentifier ::= SEQUENCE { + * keyIdentifier [0] KeyIdentifier OPTIONAL, + * authorityCertIssuer [1] GeneralNames OPTIONAL, + * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + * + * KeyIdentifier ::= OCTET STRING + */ +static int x509_get_authority_key_id(unsigned char **p, + unsigned char *end, + mbedtls_x509_authority *authority_key_id) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0u; + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE | 0)) != 0) { + return ret; + } + + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { + /* KeyIdentifier is an OPTIONAL field */ + } else { + authority_key_id->keyIdentifier.len = len; + authority_key_id->keyIdentifier.p = *p; + authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; + + *p += len; + } + + if (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | + 1)) != 0) { + /* authorityCertIssuer is an OPTIONAL field */ + } else { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 4)) != 0) { + return ret; + } else { + /* "end" also includes the CertSerialNumber field so "len" shall be used */ + ret = x509_get_general_names(p, + (*p+len), + &authority_key_id->authorityCertIssuer); + } + } + } + + if (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != + 0) { + /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */ + return ret; + } else { + authority_key_id->authorityCertSerialNumber.len = len; + authority_key_id->authorityCertSerialNumber.p = *p; + authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; + *p += len; + } + } + + if (*p != end) { + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + return 0; +} + /* * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } * @@ -1109,6 +1099,7 @@ static int x509_get_crt_ext(unsigned char **p, return ret; } break; + case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: /* Parse subject key identifier */ if ((ret = x509_get_subject_key_id(p, end_ext_data, @@ -1116,6 +1107,7 @@ static int x509_get_crt_ext(unsigned char **p, return ret; } break; + case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: /* Parse authority key identifier */ if ((ret = x509_get_authority_key_id(p, end_ext_octet, @@ -1124,9 +1116,11 @@ static int x509_get_crt_ext(unsigned char **p, } break; case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name */ - if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, - &crt->subject_alt_names)) != 0) { + /* Parse subject alt name + * SubjectAltName ::= GeneralNames + */ + if ((ret = x509_get_general_names(p, end_ext_octet, + &crt->subject_alt_names)) != 0) { return ret; } break; @@ -1784,6 +1778,248 @@ cleanup: #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) +static int x509_info_subject_alt_name(char **buf, size_t *size, + const mbedtls_x509_sequence + *subject_alt_name, + const char *prefix) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i; + size_t n = *size; + char *p = *buf; + const mbedtls_x509_sequence *cur = subject_alt_name; + mbedtls_x509_subject_alternative_name san; + int parse_ret; + + while (cur != NULL) { + memset(&san, 0, sizeof(san)); + parse_ret = mbedtls_x509_parse_general_name(&cur->buf, &san); + if (parse_ret != 0) { + if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + } else { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + } + cur = cur->next; + continue; + } + + switch (san.type) { + /* + * otherName + */ + case MBEDTLS_X509_SAN_OTHER_NAME: + { + mbedtls_x509_san_other_name *other_name = &san.san.other_name; + + ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name->value.hardware_module_name.oid) != 0) { + ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = + mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_oid_get_numeric_string(p, + n, + &other_name->value.hardware_module_name.oid); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = + mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + + for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { + ret = mbedtls_snprintf(p, + n, + "%02X", + other_name->value.hardware_module_name.val.p[i]); + MBEDTLS_X509_SAFE_SNPRINTF; + } + }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ + } + break; + + /* + * dNSName + */ + case MBEDTLS_X509_SAN_DNS_NAME: + { + ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + if (san.san.unstructured_name.len >= n) { + *p = '\0'; + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); + p += san.san.unstructured_name.len; + n -= san.san.unstructured_name.len; + } + break; + + /* + * Type not supported, skip item. + */ + default: + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); + MBEDTLS_X509_SAFE_SNPRINTF; + break; + } + + cur = cur->next; + } + + *p = '\0'; + + *size = n; + *buf = p; + + return 0; +} + +int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + switch (san_buf->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK)) { + /* + * otherName + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): + { + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name(san_buf, &other_name); + if (ret != 0) { + return ret; + } + + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy(&san->san.other_name, + &other_name, sizeof(other_name)); + + } + break; + + /* + * dNSName + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): + { + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_DNS_NAME; + + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); + + } + break; + + /* + * RFC822 Name + */ + case (MBEDTLS_ASN1_SEQUENCE | MBEDTLS_X509_SAN_RFC822_NAME): + { + mbedtls_x509_name rfc822Name; + unsigned char *bufferPointer = san_buf->p; + unsigned char **p = &bufferPointer; + const unsigned char *end = san_buf->p + san_buf->len; + + /* The leading ASN1 tag and length has been processed. Stepping back with 2 bytes, because mbedtls_x509_get_name expects the beginning of the SET tag */ + *p = *p - 2; + + ret = mbedtls_x509_get_name(p, end, &rfc822Name); + if (ret != 0) { + return ret; + } + + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy(&san->san.unstructured_name, + &rfc822Name, sizeof(rfc822Name)); + } + break; + + /* + * Type not supported + */ + default: + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } + return 0; +} + +#define PRINT_ITEM(i) \ + { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } + +#define CERT_TYPE(type, name) \ + if (ns_cert_type & (type)) \ + PRINT_ITEM(name); + +static int x509_info_cert_type(char **buf, size_t *size, + unsigned char ns_cert_type) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t n = *size; + char *p = *buf; + const char *sep = ""; + + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); + + *size = n; + *buf = p; + + return 0; +} + +#define KEY_USAGE(code, name) \ + if (key_usage & (code)) \ + PRINT_ITEM(name); + +static int x509_info_key_usage(char **buf, size_t *size, + unsigned int key_usage) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t n = *size; + char *p = *buf; + const char *sep = ""; + + KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); + KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); + KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); + KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); + KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); + + *size = n; + *buf = p; + + return 0; +} + static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) { @@ -3077,12 +3313,13 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); - name_cur = cert_cur->authority_key_id.authorityCertIssuer.next; - while (name_cur != NULL) { - name_prv = name_cur; - name_cur = name_cur->next; - mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); - mbedtls_free(name_prv); + seq_cur = cert_cur->authority_key_id.authorityCertIssuer.next; + while (seq_cur != NULL) { + seq_prv = seq_cur; + seq_cur = seq_cur->next; + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1480f946dc..230ca2e2e1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3200,4 +3200,4 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + MBEDTLS_ERR_X509_INVALID_NAME +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 2dab7ef2ef..f258970328 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -458,7 +458,7 @@ void x509_parse_san(char *crt_file, char *result_str, int parse_result) if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { cur = &crt.subject_alt_names; while (cur != NULL) { - ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); + ret = mbedtls_x509_parse_general_name(&cur->buf, &san); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); /* * If san type not supported, ignore. @@ -1517,11 +1517,12 @@ void x509_crt_parse_authoritykeyid(data_t *buf, TEST_ASSERT(crt.authority_key_id.keyIdentifier.len == keyIdLength); /* Issuer test */ - mbedtls_x509_name *issuerPtr = &crt.authority_key_id.authorityCertIssuer; + mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; while (issuerPtr != NULL) { - for (issuerCounter = 0u; issuerCounter < issuerPtr->val.len; issuerCounter++) { + /* First 9 bytes are always ASN1 coding related information that does not matter right now. Only the values are asserted */ + for (issuerCounter = 9u; issuerCounter < issuerPtr->buf.len; issuerCounter++) { result |= - (authorityKeyId_issuer[bufferCounter++] != issuerPtr->val.p[issuerCounter]); + (authorityKeyId_issuer[bufferCounter++] != issuerPtr->buf.p[issuerCounter]); } bufferCounter++; /* Skipping the slash */ issuerPtr = issuerPtr->next; From 9085cff4388cd070b432545dbb77f976b516c344 Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 11 May 2021 10:46:54 +0200 Subject: [PATCH 040/483] Removing obsolete test after merging and correcting missing macro Signed-off-by: toth92g --- tests/suites/test_suite_x509parse.function | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f258970328..4f80b64e21 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1545,10 +1545,3 @@ exit: mbedtls_x509_crt_free(&crt); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ -void x509_selftest() -{ - TEST_ASSERT(mbedtls_x509_self_test(1) == 0); -} -/* END_CASE */ From 9232e0ad84351c74eaf21c63959fcaeba5bc13bc Mon Sep 17 00:00:00 2001 From: toth92g Date: Tue, 11 May 2021 12:55:58 +0200 Subject: [PATCH 041/483] Adding some comments for easier understand Signed-off-by: toth92g --- library/x509_crt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index d9318b8322..a37e1dbafa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -756,17 +756,22 @@ static int x509_get_authority_key_id(unsigned char **p, } else { authority_key_id->keyIdentifier.len = len; authority_key_id->keyIdentifier.p = *p; + /* Setting tag of the keyIdentfier intentionally to 0x04. + * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), + * its tag with the content is the payload of on OCTET STRING primitive */ authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; *p += len; } if (*p < end) { + /* Getting authorityCertIssuer using the required specific class tag [1] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)) != 0) { /* authorityCertIssuer is an OPTIONAL field */ } else { + /* Getting directoryName using the required specific class tag [4] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 4)) != 0) { From 62d8f84be2a524f7dcf355645431e614b39c3f82 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 3 Jan 2023 09:37:47 +0100 Subject: [PATCH 042/483] Adapt mbedtls_x509_crt_free after rebase Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index a37e1dbafa..40bffb4c27 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -3304,6 +3304,8 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) { mbedtls_x509_crt *cert_cur = crt; mbedtls_x509_crt *cert_prv; + mbedtls_x509_sequence *seq_cur; + mbedtls_x509_sequence *seq_prv; while (cert_cur != NULL) { mbedtls_pk_free(&cert_cur->pk); From db323aa241f540e1add620fcf25ffa192d3224b6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 3 Jan 2023 09:45:13 +0100 Subject: [PATCH 043/483] Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext Signed-off-by: Przemek Stekiel --- library/oid.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/library/oid.c b/library/oid.c index 79bf554565..a7414f7a3d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -319,17 +319,19 @@ static const oid_x509_ext_t oid_x509_ext[] = MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { - { ADD_LEN(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), "id-ce-subjectKeyIdentifier", - "Subject Key Identifier" }, + OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + "id-ce-subjectKeyIdentifier", + "Subject Key Identifier"), MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, }, { - { ADD_LEN(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), "id-ce-authorityKeyIdentifier", - "Authority Key Identifier" }, + OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + "id-ce-authorityKeyIdentifier", + "Authority Key Identifier"), MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, 0, }, }; From 9a511c5bdf9e41795a6cef4a29aff6b74b97c857 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 3 Jan 2023 10:23:13 +0100 Subject: [PATCH 044/483] Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name Signed-off-by: Przemek Stekiel --- include/mbedtls/x509_crt.h | 4 ++-- library/x509_crt.c | 8 ++++---- tests/suites/test_suite_x509parse.function | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 42ae671a57..cd089ce70b 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -588,8 +588,8 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); * SAN type. * \return Another negative value for any other failure. */ -int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san); +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** diff --git a/library/x509_crt.c b/library/x509_crt.c index 40bffb4c27..476c162457 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -685,7 +685,7 @@ static int x509_get_general_names(unsigned char **p, /* * Check that the SAN is structured correctly. */ - ret = mbedtls_x509_parse_general_name(&(cur->buf), &dummy_san_buf); + ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. @@ -1798,7 +1798,7 @@ static int x509_info_subject_alt_name(char **buf, size_t *size, while (cur != NULL) { memset(&san, 0, sizeof(san)); - parse_ret = mbedtls_x509_parse_general_name(&cur->buf, &san); + parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); if (parse_ret != 0) { if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { ret = mbedtls_snprintf(p, n, "\n%s ", prefix); @@ -1888,8 +1888,8 @@ static int x509_info_subject_alt_name(char **buf, size_t *size, return 0; } -int mbedtls_x509_parse_general_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san) +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; switch (san_buf->tag & diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4f80b64e21..921b3fd8d4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -458,7 +458,7 @@ void x509_parse_san(char *crt_file, char *result_str, int parse_result) if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { cur = &crt.subject_alt_names; while (cur != NULL) { - ret = mbedtls_x509_parse_general_name(&cur->buf, &san); + ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); /* * If san type not supported, ignore. From 240cbe40402b486dca4b79b6081a2dacc058c002 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 3 Jan 2023 10:35:51 +0100 Subject: [PATCH 045/483] Remove generation of authorityKeyId_subjectKeyId.crt from makefile Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3a2fca5a18..4228f45822 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -389,15 +389,6 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der -authorityKeyId_subjectKeyId.crt: - $(OPENSSL) req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout authorityKeyId_subjectKeyId.crt -out authorityKeyId_subjectKeyId.crt -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -# The listed certificates are the copies of authorityKeyId_subjectKeyId.crt with error injections -# authorityKeyId_subjectKeyId_wrong_SubjectKeyId.crt The TAG marking the beginning of SubjectKeyId is set to 0x00 -# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_KeyId.crt The TAG marking the beginning of AuthorityKeyId field is set to 0x00 -# authorityKeyId_subjectKeyId_wrong_AuthorityKeyId_Sequence.crt The TAG marking that AuthorityKeyId is a sequence is set to 0x00 -# authorityKeyId_subjectKeyId_wrong_IssuerN.crt There are 5 different TAGs based on the x509 doc under AuthorityKeyId(keyId, Dir, Seqence of Dir, serial) -# Each test inject error to one of these - ################################################################ #### Generate various RSA keys ################################################################ From a2939e8728a56fa815aec918c7ef9e2d7f40cfde Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 3 Jan 2023 13:35:54 +0100 Subject: [PATCH 046/483] Remove duplicated function Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 245 +++++++++++++++++++++++++++++++-------------- 1 file changed, 170 insertions(+), 75 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 476c162457..269ccbc4a4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1782,6 +1782,176 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ +/* + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * HardwareModuleName ::= SEQUENCE { + * hwType OBJECT IDENTIFIER, + * hwSerialNum OCTET STRING } + * + * NOTE: we currently only parse and use otherName of type HwModuleName, + * as defined in RFC 4108. + */ +static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, + mbedtls_x509_san_other_name *other_name) +{ + int ret = 0; + size_t len; + unsigned char *p = subject_alt_name->p; + const unsigned char *end = p + subject_alt_name->len; + mbedtls_x509_buf cur_oid; + + if ((subject_alt_name->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != + (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { + /* + * The given subject alternative name is not of type "othername". + */ + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + cur_oid.tag = MBEDTLS_ASN1_OID; + cur_oid.p = p; + cur_oid.len = len; + + /* + * Only HwModuleName is currently supported. + */ + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } + + if (p + len >= end) { + mbedtls_platform_zeroize(other_name, sizeof(*other_name)); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + p += len; + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != + 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; + other_name->value.hardware_module_name.oid.p = p; + other_name->value.hardware_module_name.oid.len = len; + + if (p + len >= end) { + mbedtls_platform_zeroize(other_name, sizeof(*other_name)); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + p += len; + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; + other_name->value.hardware_module_name.val.p = p; + other_name->value.hardware_module_name.val.len = len; + p += len; + if (p != end) { + mbedtls_platform_zeroize(other_name, + sizeof(*other_name)); + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + return 0; +} + +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + switch (san_buf->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK)) { + /* + * otherName + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): + { + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name(san_buf, &other_name); + if (ret != 0) { + return ret; + } + + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy(&san->san.other_name, + &other_name, sizeof(other_name)); + + } + break; + + /* + * dNSName + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): + { + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_DNS_NAME; + + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); + + } + break; + + /* + * RFC822 Name + */ + case (MBEDTLS_ASN1_SEQUENCE | MBEDTLS_X509_SAN_RFC822_NAME): + { + mbedtls_x509_name rfc822Name; + unsigned char *bufferPointer = san_buf->p; + unsigned char **p = &bufferPointer; + const unsigned char *end = san_buf->p + san_buf->len; + + /* The leading ASN1 tag and length has been processed. Stepping back with 2 bytes, because mbedtls_x509_get_name expects the beginning of the SET tag */ + *p = *p - 2; + + ret = mbedtls_x509_get_name(p, end, &rfc822Name); + if (ret != 0) { + return ret; + } + + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy(&san->san.unstructured_name, + &rfc822Name, sizeof(rfc822Name)); + } + break; + + /* + * Type not supported + */ + default: + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } + return 0; +} + #if !defined(MBEDTLS_X509_REMOVE_INFO) static int x509_info_subject_alt_name(char **buf, size_t *size, const mbedtls_x509_sequence @@ -1888,81 +2058,6 @@ static int x509_info_subject_alt_name(char **buf, size_t *size, return 0; } -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch (san_buf->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK)) { - /* - * otherName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): - { - mbedtls_x509_san_other_name other_name; - - ret = x509_get_other_name(san_buf, &other_name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.other_name, - &other_name, sizeof(other_name)); - - } - break; - - /* - * dNSName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - - } - break; - - /* - * RFC822 Name - */ - case (MBEDTLS_ASN1_SEQUENCE | MBEDTLS_X509_SAN_RFC822_NAME): - { - mbedtls_x509_name rfc822Name; - unsigned char *bufferPointer = san_buf->p; - unsigned char **p = &bufferPointer; - const unsigned char *end = san_buf->p + san_buf->len; - - /* The leading ASN1 tag and length has been processed. Stepping back with 2 bytes, because mbedtls_x509_get_name expects the beginning of the SET tag */ - *p = *p - 2; - - ret = mbedtls_x509_get_name(p, end, &rfc822Name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.unstructured_name, - &rfc822Name, sizeof(rfc822Name)); - } - break; - - /* - * Type not supported - */ - default: - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - return 0; -} - #define PRINT_ITEM(i) \ { \ ret = mbedtls_snprintf(p, n, "%s" i, sep); \ From 8a13866f6576570676cf5552e9c068509dafaa4b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 30 Jan 2023 12:29:11 +0100 Subject: [PATCH 047/483] Remove parsing of rfc822Name Signed-off-by: Przemek Stekiel --- include/mbedtls/x509_crt.h | 3 +-- library/x509_crt.c | 25 ------------------------- 2 files changed, 1 insertion(+), 27 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index cd089ce70b..f25ccb2a02 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -570,8 +570,7 @@ int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); * \param san The target structure to populate with the parsed presentation * of the subject alternative name encoded in \p san_raw. * - * \note Only "dnsName" and "otherName" and "rfc822Name" of type hardware_module_name - * as defined in RFC 4180 is supported. + * \note Only "dnsName" and "otherName" as defined in RFC 5280 are supported. * * \note This function should be called on a single raw data of * subject alternative name. For example, after successful diff --git a/library/x509_crt.c b/library/x509_crt.c index 269ccbc4a4..5e6409bbb0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1918,31 +1918,6 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, } break; - /* - * RFC822 Name - */ - case (MBEDTLS_ASN1_SEQUENCE | MBEDTLS_X509_SAN_RFC822_NAME): - { - mbedtls_x509_name rfc822Name; - unsigned char *bufferPointer = san_buf->p; - unsigned char **p = &bufferPointer; - const unsigned char *end = san_buf->p + san_buf->len; - - /* The leading ASN1 tag and length has been processed. Stepping back with 2 bytes, because mbedtls_x509_get_name expects the beginning of the SET tag */ - *p = *p - 2; - - ret = mbedtls_x509_get_name(p, end, &rfc822Name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.unstructured_name, - &rfc822Name, sizeof(rfc822Name)); - } - break; - /* * Type not supported */ From 3520fe6fda70f96cc0bf18c35648718601e87671 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 30 Jan 2023 14:38:18 +0100 Subject: [PATCH 048/483] Use MBEDTLS_ERROR_ADD() and tag macros Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5e6409bbb0..7389a9cc62 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -609,14 +609,15 @@ static int x509_get_subject_key_id(unsigned char **p, } if (*p != end) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } return 0; } /* + * SubjectAltName ::= GeneralNames * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * * GeneralName ::= CHOICE { @@ -677,8 +678,8 @@ static int x509_get_general_names(unsigned char **p, MBEDTLS_ASN1_CONTEXT_SPECIFIC) { if ((tag & (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } } @@ -746,7 +747,7 @@ static int x509_get_authority_key_id(unsigned char **p, size_t len = 0u; if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE | 0)) != 0) { + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { return ret; } @@ -768,13 +769,14 @@ static int x509_get_authority_key_id(unsigned char **p, /* Getting authorityCertIssuer using the required specific class tag [1] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - 1)) != 0) { + MBEDTLS_X509_SAN_RFC822_NAME)) != 0) { /* authorityCertIssuer is an OPTIONAL field */ } else { /* Getting directoryName using the required specific class tag [4] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 4)) != 0) { + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_X509_SAN_DIRECTORY_NAME)) != 0) { return ret; } else { /* "end" also includes the CertSerialNumber field so "len" shall be used */ From 8661fed943806ce3afb34b68ac2f5d4765db00a9 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 31 Jan 2023 08:30:06 +0100 Subject: [PATCH 049/483] Fix tests dependencies Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 18 +++++++++--------- tests/suites/test_suite_x509parse.function | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 230ca2e2e1..18c3c981df 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3167,37 +3167,37 @@ depends_on:MBEDTLS_X509_CRT_PARSE_C x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME X509 CRT parse Subject Key Id - Correct Subject Key ID -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 X509 CRT parse Authority Key Id - Wrong Sequence tag -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 -depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 921b3fd8d4..6346a6cfd6 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1473,7 +1473,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_crt_parse_subjectkeyid(data_t *buf, unsigned int subjectKeyIdLength, int ref_ret) { mbedtls_x509_crt crt; @@ -1495,7 +1495,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_CERTS_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_crt_parse_authoritykeyid(data_t *buf, unsigned int keyIdLength, char *authorityKeyId_issuer, From 6ec839a1f95c5270eb5347a675b4c7497638737c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 1 Feb 2023 11:06:08 +0100 Subject: [PATCH 050/483] x509_get_authority_key_id: add length check + test Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 5 +++++ tests/suites/test_suite_x509parse.data | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 7389a9cc62..1ebe96a06d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -751,6 +751,11 @@ static int x509_get_authority_key_id(unsigned char **p, return ret; } + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { /* KeyIdentifier is an OPTIONAL field */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 18c3c981df..99834b2f72 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3178,6 +3178,10 @@ X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 +X509 CRT parse Authority Key Id - Wrong Length +depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c30598014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG From 75653b1df010fe3dd71409c8b1f181b7b0f25f8f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 1 Feb 2023 11:31:32 +0100 Subject: [PATCH 051/483] Add indication of extension error while parsing authority/subject key id Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 8 ++++---- tests/suites/test_suite_x509parse.data | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 1ebe96a06d..2477a93cbd 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -600,7 +600,7 @@ static int x509_get_subject_key_id(unsigned char **p, if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return ret; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { subject_key_id->len = len; subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; @@ -748,7 +748,7 @@ static int x509_get_authority_key_id(unsigned char **p, if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } if (*p + len != end) { @@ -782,7 +782,7 @@ static int x509_get_authority_key_id(unsigned char **p, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME)) != 0) { - return ret; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { /* "end" also includes the CertSerialNumber field so "len" shall be used */ ret = x509_get_general_names(p, @@ -797,7 +797,7 @@ static int x509_get_authority_key_id(unsigned char **p, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != 0) { /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */ - return ret; + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { authority_key_id->authorityCertSerialNumber.len = len; authority_key_id->authorityCertSerialNumber.p = *p; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 99834b2f72..f3c35e3ef1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3172,7 +3172,7 @@ x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C @@ -3184,24 +3184,24 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f X509 CRT parse Authority Key Id - Wrong Sequence tag depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG From 4f3e7b934e45b6a9db6c1f8e0cb66ea875c838c9 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Feb 2023 15:03:59 +0100 Subject: [PATCH 052/483] Fix parsing of authorityCertIssuer Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 130 +++++++++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 63 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 2477a93cbd..abaf630f89 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -616,53 +616,21 @@ static int x509_get_subject_key_id(unsigned char **p, return 0; } -/* - * SubjectAltName ::= GeneralNames - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName +/* Check x509_get_subject_alt_name for detailed description. * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * NOTE: we list all types, but only use dNSName and otherName - * of type HwModuleName, as defined in RFC 4108, at this point. - */ -static int x509_get_general_names(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) + * In some cases while parsing subject alternative names the sequence tag is optional + * (e.g. CertSerialNumber). This function is designed to handle such case. +*/ +static int x509_get_subject_alt_name_internal(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len, tag_len; + size_t tag_len; mbedtls_asn1_buf *buf; unsigned char tag; mbedtls_asn1_sequence *cur = subject_alt_name; - /* Get main sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - while (*p < end) { mbedtls_x509_subject_alternative_name dummy_san_buf; memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); @@ -673,14 +641,10 @@ static int x509_get_general_names(unsigned char **p, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } - /* Tag shall be CONTEXT_SPECIFIC or SET */ if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != MBEDTLS_ASN1_CONTEXT_SPECIFIC) { - if ((tag & (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != - (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } /* @@ -731,6 +695,53 @@ static int x509_get_general_names(unsigned char **p, return 0; } +/* + * SubjectAltName ::= GeneralNames + * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + * + * GeneralName ::= CHOICE { + * otherName [0] OtherName, + * rfc822Name [1] IA5String, + * dNSName [2] IA5String, + * x400Address [3] ORAddress, + * directoryName [4] Name, + * ediPartyName [5] EDIPartyName, + * uniformResourceIdentifier [6] IA5String, + * iPAddress [7] OCTET STRING, + * registeredID [8] OBJECT IDENTIFIER } + * + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * EDIPartyName ::= SEQUENCE { + * nameAssigner [0] DirectoryString OPTIONAL, + * partyName [1] DirectoryString } + * + * NOTE: we list all types, but only use dNSName and otherName + * of type HwModuleName, as defined in RFC 4108, at this point. + */ +static int x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + /* Get main sequence tag */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + return x509_get_subject_alt_name_internal(p, end, subject_alt_name); +} + /* * AuthorityKeyIdentifier ::= SEQUENCE { * keyIdentifier [0] KeyIdentifier OPTIONAL, @@ -774,29 +785,22 @@ static int x509_get_authority_key_id(unsigned char **p, /* Getting authorityCertIssuer using the required specific class tag [1] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_RFC822_NAME)) != 0) { + 1)) != 0) { /* authorityCertIssuer is an OPTIONAL field */ } else { - /* Getting directoryName using the required specific class tag [4] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_X509_SAN_DIRECTORY_NAME)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else { - /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = x509_get_general_names(p, - (*p+len), - &authority_key_id->authorityCertIssuer); - } + /* "end" also includes the CertSerialNumber field so "len" shall be used */ + ret = x509_get_subject_alt_name_internal(p, + (*p+len), + &authority_key_id->authorityCertIssuer); } } if (*p < end) { + /* Getting authorityCertSerialNumber using the required specific class tag [2] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER)) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | 2)) != 0) { - /* authorityCertSerialNumber is an OPTIONAL field, but if there are still data it must be the serial number */ + /* authorityCertSerialNumber is an OPTIONAL field */ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { authority_key_id->authorityCertSerialNumber.len = len; @@ -1131,8 +1135,8 @@ static int x509_get_crt_ext(unsigned char **p, /* Parse subject alt name * SubjectAltName ::= GeneralNames */ - if ((ret = x509_get_general_names(p, end_ext_octet, - &crt->subject_alt_names)) != 0) { + if ((ret = x509_get_subject_alt_name(p, end_ext_octet, + &crt->subject_alt_names)) != 0) { return ret; } break; From 019842119d4e1d350a1b1d34da02a130f528d9a5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Feb 2023 09:29:34 +0100 Subject: [PATCH 053/483] Adapt test for authority_key_id (parsing subject alt name) Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 6346a6cfd6..c7d341dd04 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1506,6 +1506,8 @@ void x509_crt_parse_authoritykeyid(data_t *buf, int bufferCounter = 0; size_t issuerCounter = 0; unsigned int result = 0; + mbedtls_x509_subject_alternative_name san = { 0 }; + mbedtls_x509_name *pname = NULL; mbedtls_x509_crt_init(&crt); @@ -1518,14 +1520,18 @@ void x509_crt_parse_authoritykeyid(data_t *buf, /* Issuer test */ mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer; - while (issuerPtr != NULL) { - /* First 9 bytes are always ASN1 coding related information that does not matter right now. Only the values are asserted */ - for (issuerCounter = 9u; issuerCounter < issuerPtr->buf.len; issuerCounter++) { + + TEST_ASSERT(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san) == 0); + + pname = &san.san.directory_name; + + while (pname != NULL) { + for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) { result |= - (authorityKeyId_issuer[bufferCounter++] != issuerPtr->buf.p[issuerCounter]); + (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]); } bufferCounter++; /* Skipping the slash */ - issuerPtr = issuerPtr->next; + pname = pname->next; } TEST_ASSERT(result == 0); From 09720e2228763a5ed5b387b4b60a1ea73259b495 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Feb 2023 09:49:35 +0100 Subject: [PATCH 054/483] Remove redundant test cases Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f3c35e3ef1..46f0f3c63f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3197,11 +3197,3 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 CRT parse Authority Key Id - Wrong Issuer Tag 3 -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d003b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG - -X509 CRT parse Authority Key Id - Wrong Issuer Tag 4 -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C -x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b000b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG From 21903ec8606e62b0fb2add29ef705355b683af34 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 08:32:37 +0100 Subject: [PATCH 055/483] Fix after rebase Handle manually functions that have been moved to different locations. Signed-off-by: Przemek Stekiel --- include/mbedtls/x509.h | 3 + include/mbedtls/x509_crt.h | 28 --- library/x509.c | 99 +++++---- library/x509_crt.c | 433 +------------------------------------ 4 files changed, 65 insertions(+), 498 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index ed9ae63a75..7faf176b5a 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -481,6 +481,9 @@ int mbedtls_x509_get_key_usage(unsigned char **p, int mbedtls_x509_get_subject_alt_name(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name); +int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name); int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name, diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index f25ccb2a02..338f96360e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -561,34 +561,6 @@ int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); #endif /* MBEDTLS_FS_IO */ -/** - * \brief This function parses an item in the SubjectAlternativeNames - * extension. - * - * \param san_buf The buffer holding the raw data item of the subject - * alternative name. - * \param san The target structure to populate with the parsed presentation - * of the subject alternative name encoded in \p san_raw. - * - * \note Only "dnsName" and "otherName" as defined in RFC 5280 are supported. - * - * \note This function should be called on a single raw data of - * subject alternative name. For example, after successful - * certificate parsing, one must iterate on every item in the - * \p crt->subject_alt_names sequence, and pass it to - * this function. - * - * \warning The target structure contains pointers to the raw data of the - * parsed certificate, and its lifetime is restricted by the - * lifetime of the certificate. - * - * \return \c 0 on success - * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported - * SAN type. - * \return Another negative value for any other failure. - */ -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** diff --git a/library/x509.c b/library/x509.c index c9524c958e..747ba811dd 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1201,53 +1201,19 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, return 0; } -/* - * SubjectAltName ::= GeneralNames +/* Check mbedtls_x509_get_subject_alt_name for detailed description. * - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * We list all types, but use the following GeneralName types from RFC 5280: - * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" - * of type "otherName", as defined in RFC 4108. - */ -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) + * In some cases while parsing subject alternative names the sequence tag is optional + * (e.g. CertSerialNumber). This function is designed to handle such case. +*/ +int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len, tag_len; + size_t tag_len; mbedtls_asn1_sequence *cur = subject_alt_name; - /* Get main sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - while (*p < end) { mbedtls_x509_subject_alternative_name dummy_san_buf; mbedtls_x509_buf tmp_san_buf; @@ -1315,6 +1281,55 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p, return 0; } +/* + * SubjectAltName ::= GeneralNames + * + * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + * + * GeneralName ::= CHOICE { + * otherName [0] OtherName, + * rfc822Name [1] IA5String, + * dNSName [2] IA5String, + * x400Address [3] ORAddress, + * directoryName [4] Name, + * ediPartyName [5] EDIPartyName, + * uniformResourceIdentifier [6] IA5String, + * iPAddress [7] OCTET STRING, + * registeredID [8] OBJECT IDENTIFIER } + * + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * EDIPartyName ::= SEQUENCE { + * nameAssigner [0] DirectoryString OPTIONAL, + * partyName [1] DirectoryString } + * + * We list all types, but use the following GeneralName types from RFC 5280: + * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" + * of type "otherName", as defined in RFC 4108. + */ +int mbedtls_x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + /* Get main sequence tag */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + + if (*p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + + return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name); +} + int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type) diff --git a/library/x509_crt.c b/library/x509_crt.c index abaf630f89..764c0b69c6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -616,132 +616,6 @@ static int x509_get_subject_key_id(unsigned char **p, return 0; } -/* Check x509_get_subject_alt_name for detailed description. - * - * In some cases while parsing subject alternative names the sequence tag is optional - * (e.g. CertSerialNumber). This function is designed to handle such case. -*/ -static int x509_get_subject_alt_name_internal(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tag_len; - mbedtls_asn1_buf *buf; - unsigned char tag; - mbedtls_asn1_sequence *cur = subject_alt_name; - - while (*p < end) { - mbedtls_x509_subject_alternative_name dummy_san_buf; - memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); - - tag = **p; - (*p)++; - if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != - MBEDTLS_ASN1_CONTEXT_SPECIFIC) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - } - - /* - * Check that the SAN is structured correctly. - */ - ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); - /* - * In case the extension is malformed, return an error, - * and clear the allocated sequences. - */ - if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - mbedtls_asn1_sequence_free(subject_alt_name->next); - subject_alt_name->next = NULL; - return ret; - } - - /* Allocate and assign next pointer */ - if (cur->buf.p != NULL) { - if (cur->next != NULL) { - return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; - } - - cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - - if (cur->next == NULL) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_ALLOC_FAILED); - } - - cur = cur->next; - } - - buf = &(cur->buf); - buf->tag = tag; - buf->p = *p; - buf->len = tag_len; - *p += buf->len; - } - - /* Set final sequence entry's next pointer to NULL */ - cur->next = NULL; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} - -/* - * SubjectAltName ::= GeneralNames - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER } - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * NOTE: we list all types, but only use dNSName and otherName - * of type HwModuleName, as defined in RFC 4108, at this point. - */ -static int x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - /* Get main sequence tag */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return x509_get_subject_alt_name_internal(p, end, subject_alt_name); -} - /* * AuthorityKeyIdentifier ::= SEQUENCE { * keyIdentifier [0] KeyIdentifier OPTIONAL, @@ -789,9 +663,9 @@ static int x509_get_authority_key_id(unsigned char **p, /* authorityCertIssuer is an OPTIONAL field */ } else { /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = x509_get_subject_alt_name_internal(p, - (*p+len), - &authority_key_id->authorityCertIssuer); + ret = mbedtls_x509_get_subject_alt_name_ext(p, + (*p+len), + &authority_key_id->authorityCertIssuer); } } @@ -1135,8 +1009,8 @@ static int x509_get_crt_ext(unsigned char **p, /* Parse subject alt name * SubjectAltName ::= GeneralNames */ - if ((ret = x509_get_subject_alt_name(p, end_ext_octet, - &crt->subject_alt_names)) != 0) { + if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, + &crt->subject_alt_names)) != 0) { return ret; } break; @@ -1793,257 +1667,7 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ -/* - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * HardwareModuleName ::= SEQUENCE { - * hwType OBJECT IDENTIFIER, - * hwSerialNum OCTET STRING } - * - * NOTE: we currently only parse and use otherName of type HwModuleName, - * as defined in RFC 4108. - */ -static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, - mbedtls_x509_san_other_name *other_name) -{ - int ret = 0; - size_t len; - unsigned char *p = subject_alt_name->p; - const unsigned char *end = p + subject_alt_name->len; - mbedtls_x509_buf cur_oid; - - if ((subject_alt_name->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != - (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { - /* - * The given subject alternative name is not of type "othername". - */ - return MBEDTLS_ERR_X509_BAD_INPUT_DATA; - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - cur_oid.tag = MBEDTLS_ASN1_OID; - cur_oid.p = p; - cur_oid.len = len; - - /* - * Only HwModuleName is currently supported. - */ - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - - if (p + len >= end) { - mbedtls_platform_zeroize(other_name, sizeof(*other_name)); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != - 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; - other_name->value.hardware_module_name.oid.p = p; - other_name->value.hardware_module_name.oid.len = len; - - if (p + len >= end) { - mbedtls_platform_zeroize(other_name, sizeof(*other_name)); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - p += len; - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } - - other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; - other_name->value.hardware_module_name.val.p = p; - other_name->value.hardware_module_name.val.len = len; - p += len; - if (p != end) { - mbedtls_platform_zeroize(other_name, - sizeof(*other_name)); - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - return 0; -} - -int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch (san_buf->tag & - (MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK)) { - /* - * otherName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): - { - mbedtls_x509_san_other_name other_name; - - ret = x509_get_other_name(san_buf, &other_name); - if (ret != 0) { - return ret; - } - - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy(&san->san.other_name, - &other_name, sizeof(other_name)); - - } - break; - - /* - * dNSName - */ - case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): - { - memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); - san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); - - } - break; - - /* - * Type not supported - */ - default: - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - } - return 0; -} - #if !defined(MBEDTLS_X509_REMOVE_INFO) -static int x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - size_t n = *size; - char *p = *buf; - const mbedtls_x509_sequence *cur = subject_alt_name; - mbedtls_x509_subject_alternative_name san; - int parse_ret; - - while (cur != NULL) { - memset(&san, 0, sizeof(san)); - parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); - if (parse_ret != 0) { - if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } else { - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - } - cur = cur->next; - continue; - } - - switch (san.type) { - /* - * otherName - */ - case MBEDTLS_X509_SAN_OTHER_NAME: - { - mbedtls_x509_san_other_name *other_name = &san.san.other_name; - - ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->value.hardware_module_name.oid) != 0) { - ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = - mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string(p, - n, - &other_name->value.hardware_module_name.oid); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = - mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0; i < other_name->value.hardware_module_name.val.len; i++) { - ret = mbedtls_snprintf(p, - n, - "%02X", - other_name->value.hardware_module_name.val.p[i]); - MBEDTLS_X509_SAFE_SNPRINTF; - } - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - } - break; - - /* - * dNSName - */ - case MBEDTLS_X509_SAN_DNS_NAME: - { - ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - if (san.san.unstructured_name.len >= n) { - *p = '\0'; - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } - break; - - /* - * Type not supported, skip item. - */ - default: - ret = mbedtls_snprintf(p, n, "\n%s ", prefix); - MBEDTLS_X509_SAFE_SNPRINTF; - break; - } - - cur = cur->next; - } - - *p = '\0'; - - *size = n; - *buf = p; - - return 0; -} - #define PRINT_ITEM(i) \ { \ ret = mbedtls_snprintf(p, n, "%s" i, sep); \ @@ -2055,57 +1679,10 @@ static int x509_info_subject_alt_name(char **buf, size_t *size, if (ns_cert_type & (type)) \ PRINT_ITEM(name); -static int x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); - CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); - - *size = n; - *buf = p; - - return 0; -} - #define KEY_USAGE(code, name) \ if (key_usage & (code)) \ PRINT_ITEM(name); -static int x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n = *size; - char *p = *buf; - const char *sep = ""; - - KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); - KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); - KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); - KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); - KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); - KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); - KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); - - *size = n; - *buf = p; - - return 0; -} - static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) { From 79354c3c4dd8b3776d2ff7750ecb54fd7eec7712 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 31 Mar 2023 09:31:22 +0200 Subject: [PATCH 056/483] Use MBEDTLS_MD_CAN_SHA1 macro as test dependency Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 46f0f3c63f..70f1e6edfb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3167,33 +3167,33 @@ depends_on:MBEDTLS_X509_CRT_PARSE_C x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME X509 CRT parse Subject Key Id - Correct Subject Key ID -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:0 X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_subjectkeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Correct Authority Key ID -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":20:"NL/PolarSSL/PolarSSL Test CA/":1:0 X509 CRT parse Authority Key Id - Wrong Length -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c30598014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRT parse Authority Key Id - Wrong Sequence tag -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c005a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong KeyId Tag -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 -depends_on:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG From 39dbe23845537d49ab37436006433de88c27882c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 3 Apr 2023 10:19:22 +0200 Subject: [PATCH 057/483] Release memory for subject alt name in test Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c7d341dd04..4d89410898 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1506,7 +1506,7 @@ void x509_crt_parse_authoritykeyid(data_t *buf, int bufferCounter = 0; size_t issuerCounter = 0; unsigned int result = 0; - mbedtls_x509_subject_alternative_name san = { 0 }; + mbedtls_x509_subject_alternative_name san; mbedtls_x509_name *pname = NULL; mbedtls_x509_crt_init(&crt); @@ -1533,6 +1533,7 @@ void x509_crt_parse_authoritykeyid(data_t *buf, bufferCounter++; /* Skipping the slash */ pname = pname->next; } + mbedtls_x509_free_subject_alt_name(&san); TEST_ASSERT(result == 0); /* Serial test */ From 294ec1274d0a694cd18eea2b67ba20f37b2d288b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 3 Apr 2023 10:20:08 +0200 Subject: [PATCH 058/483] Remove redundant memory relase for authorityCertIssuer Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 764c0b69c6..276ec1a84e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2962,8 +2962,6 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) { mbedtls_x509_crt *cert_cur = crt; mbedtls_x509_crt *cert_prv; - mbedtls_x509_sequence *seq_cur; - mbedtls_x509_sequence *seq_prv; while (cert_cur != NULL) { mbedtls_pk_free(&cert_cur->pk); @@ -2978,15 +2976,6 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); - seq_cur = cert_cur->authority_key_id.authorityCertIssuer.next; - while (seq_cur != NULL) { - seq_prv = seq_cur; - seq_cur = seq_cur->next; - mbedtls_platform_zeroize(seq_prv, - sizeof(mbedtls_x509_sequence)); - mbedtls_free(seq_prv); - } - if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); mbedtls_free(cert_cur->raw.p); From 725688b1433620d6f2c6ea0705f0dfe53f864c16 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 4 Apr 2023 22:49:44 +0200 Subject: [PATCH 059/483] Fix code style Signed-off-by: Przemek Stekiel --- library/x509.c | 2 +- library/x509_crt.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/x509.c b/library/x509.c index 747ba811dd..5f6715aa25 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1205,7 +1205,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, * * In some cases while parsing subject alternative names the sequence tag is optional * (e.g. CertSerialNumber). This function is designed to handle such case. -*/ + */ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name) diff --git a/library/x509_crt.c b/library/x509_crt.c index 276ec1a84e..9fb449939b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -663,16 +663,17 @@ static int x509_get_authority_key_id(unsigned char **p, /* authorityCertIssuer is an OPTIONAL field */ } else { /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = mbedtls_x509_get_subject_alt_name_ext(p, - (*p+len), - &authority_key_id->authorityCertIssuer); + ret = mbedtls_x509_get_subject_alt_name_ext(p, + (*p+len), + &authority_key_id->authorityCertIssuer); } } if (*p < end) { /* Getting authorityCertSerialNumber using the required specific class tag [2] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | 2)) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | + 2)) != 0) { /* authorityCertSerialNumber is an OPTIONAL field */ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); From 7f6933a227699b7d809036b3f6cc8544c68d054f Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 4 Apr 2023 16:05:54 +0800 Subject: [PATCH 060/483] cert_audit: Initial script for auditing expiry date We introduce the script to audit the expiry date of X509 files (i.e. crt/crl/csr files) in tests/data_files/ folder. This commit add basic classes and the framework for auditing and "-a" option to list all valid crt/crl/csr files it found. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 282 ++++++++++++++++++++++++++ 1 file changed, 282 insertions(+) create mode 100755 tests/scripts/audit-validity-dates.py diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py new file mode 100755 index 0000000000..67d4096659 --- /dev/null +++ b/tests/scripts/audit-validity-dates.py @@ -0,0 +1,282 @@ +#!/usr/bin/env python3 +# +# copyright the mbed tls contributors +# spdx-license-identifier: apache-2.0 +# +# licensed under the apache license, version 2.0 (the "license"); you may +# not use this file except in compliance with the license. +# you may obtain a copy of the license at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Audit validity date of X509 crt/crl/csr + +This script is used to audit the validity date of crt/crl/csr used for testing. +The files are in tests/data_files/ while some data are in test suites data in +tests/suites/*.data files. +""" + +import os +import sys +import re +import typing +import types +import argparse +import datetime +from enum import Enum + +from cryptography import x509 + +class DataType(Enum): + CRT = 1 # Certificate + CRL = 2 # Certificate Revocation List + CSR = 3 # Certificate Signing Request + +class DataFormat(Enum): + PEM = 1 # Privacy-Enhanced Mail + DER = 2 # Distinguished Encoding Rules + +class AuditData: + """Store file, type and expiration date for audit.""" + #pylint: disable=too-few-public-methods + def __init__(self, data_type: DataType): + self.data_type = data_type + self.filename = "" + self.not_valid_after: datetime.datetime + self.not_valid_before: datetime.datetime + + def fill_validity_duration(self, x509_obj): + """Fill expiration_date field from a x509 object""" + # Certificate expires after "not_valid_after" + # Certificate is invalid before "not_valid_before" + if self.data_type == DataType.CRT: + self.not_valid_after = x509_obj.not_valid_after + self.not_valid_before = x509_obj.not_valid_before + # CertificateRevocationList expires after "next_update" + # CertificateRevocationList is invalid before "last_update" + elif self.data_type == DataType.CRL: + self.not_valid_after = x509_obj.next_update + self.not_valid_before = x509_obj.last_update + # CertificateSigningRequest is always valid. + elif self.data_type == DataType.CSR: + self.not_valid_after = datetime.datetime.max + self.not_valid_before = datetime.datetime.min + else: + raise ValueError("Unsupported file_type: {}".format(self.data_type)) + +class X509Parser(): + """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" + PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n(?P.*?)-{5}END (?P=type)-{5}\n' + PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' + PEM_TAGS = { + DataType.CRT: 'CERTIFICATE', + DataType.CRL: 'X509 CRL', + DataType.CSR: 'CERTIFICATE REQUEST' + } + + def __init__(self, backends: dict): + self.backends = backends + self.__generate_parsers() + + def __generate_parser(self, data_type: DataType): + """Parser generator for a specific DataType""" + tag = self.PEM_TAGS[data_type] + pem_loader = self.backends[data_type][DataFormat.PEM] + der_loader = self.backends[data_type][DataFormat.DER] + def wrapper(data: bytes): + pem_type = X509Parser.pem_data_type(data) + # It is in PEM format with target tag + if pem_type == tag: + return pem_loader(data) + # It is in PEM format without target tag + if pem_type: + return None + # It might be in DER format + try: + result = der_loader(data) + except ValueError: + result = None + return result + wrapper.__name__ = "{}.parser[{}]".format(type(self).__name__, tag) + return wrapper + + def __generate_parsers(self): + """Generate parsers for all support DataType""" + self.parsers = {} + for data_type, _ in self.PEM_TAGS.items(): + self.parsers[data_type] = self.__generate_parser(data_type) + + def __getitem__(self, item): + return self.parsers[item] + + @staticmethod + def pem_data_type(data: bytes) -> str: + """Get the tag from the data in PEM format + + :param data: data to be checked in binary mode. + :return: PEM tag or "" when no tag detected. + """ + m = re.search(X509Parser.PEM_TAG_REGEX, data) + if m is not None: + return m.group('type').decode('UTF-8') + else: + return "" + +class Auditor: + """A base class for audit.""" + def __init__(self, verbose): + self.verbose = verbose + self.default_files = [] + self.audit_data = [] + self.parser = X509Parser({ + DataType.CRT: { + DataFormat.PEM: x509.load_pem_x509_certificate, + DataFormat.DER: x509.load_der_x509_certificate + }, + DataType.CRL: { + DataFormat.PEM: x509.load_pem_x509_crl, + DataFormat.DER: x509.load_der_x509_crl + }, + DataType.CSR: { + DataFormat.PEM: x509.load_pem_x509_csr, + DataFormat.DER: x509.load_der_x509_csr + }, + }) + + def error(self, *args): + #pylint: disable=no-self-use + print("Error: ", *args, file=sys.stderr) + + def warn(self, *args): + if self.verbose: + print("Warn: ", *args, file=sys.stderr) + + def parse_file(self, filename: str) -> typing.List[AuditData]: + """ + Parse a list of AuditData from file. + + :param filename: name of the file to parse. + :return list of AuditData parsed from the file. + """ + with open(filename, 'rb') as f: + data = f.read() + result_list = [] + result = self.parse_bytes(data) + if result is not None: + result.filename = filename + result_list.append(result) + return result_list + + def parse_bytes(self, data: bytes): + """Parse AuditData from bytes.""" + for data_type in list(DataType): + try: + result = self.parser[data_type](data) + except ValueError as val_error: + result = None + self.warn(val_error) + if result is not None: + audit_data = AuditData(data_type) + audit_data.fill_validity_duration(result) + return audit_data + return None + + def walk_all(self, file_list): + """ + Iterate over all the files in the list and get audit data. + """ + if not file_list: + file_list = self.default_files + for filename in file_list: + data_list = self.parse_file(filename) + self.audit_data.extend(data_list) + + def for_each(self, do, *args, **kwargs): + """ + Sort the audit data and iterate over them. + """ + if not isinstance(do, types.FunctionType): + return + for d in self.audit_data: + do(d, *args, **kwargs) + + @staticmethod + def find_test_dir(): + """Get the relative path for the MbedTLS test directory.""" + if os.path.isdir('tests'): + tests_dir = 'tests' + elif os.path.isdir('suites'): + tests_dir = '.' + elif os.path.isdir('../suites'): + tests_dir = '..' + else: + raise Exception("Mbed TLS source tree not found") + return tests_dir + +class TestDataAuditor(Auditor): + """Class for auditing files in tests/data_files/""" + def __init__(self, verbose): + super().__init__(verbose) + self.default_files = self.collect_default_files() + + def collect_default_files(self): + """collect all files in tests/data_files/""" + test_dir = self.find_test_dir() + test_data_folder = os.path.join(test_dir, 'data_files') + data_files = [] + for (dir_path, _, file_names) in os.walk(test_data_folder): + data_files.extend(os.path.join(dir_path, file_name) + for file_name in file_names) + return data_files + + +def list_all(audit_data: AuditData): + print("{}\t{}\t{}\t{}".format( + audit_data.not_valid_before.isoformat(timespec='seconds'), + audit_data.not_valid_after.isoformat(timespec='seconds'), + audit_data.data_type.name, + audit_data.filename)) + +def main(): + """ + Perform argument parsing. + """ + parser = argparse.ArgumentParser( + description='Audit script for X509 crt/crl/csr files.' + ) + + parser.add_argument('-a', '--all', + action='store_true', + help='list the information of all files') + parser.add_argument('-v', '--verbose', + action='store_true', dest='verbose', + help='Show warnings') + parser.add_argument('-f', '--file', dest='file', + help='file to audit (Debug only)', + metavar='FILE') + + args = parser.parse_args() + + # start main routine + td_auditor = TestDataAuditor(args.verbose) + + if args.file: + data_files = [args.file] + else: + data_files = td_auditor.default_files + + td_auditor.walk_all(data_files) + + if args.all: + td_auditor.for_each(list_all) + + print("\nDone!\n") + +if __name__ == "__main__": + main() From 45e32033db767f3213fa6099fd035a45a6eef237 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 6 Apr 2023 14:33:41 +0800 Subject: [PATCH 061/483] cert_audit: Support audit on test suite data files Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 43 ++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 67d4096659..0d1425b28b 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -29,6 +29,7 @@ import typing import types import argparse import datetime +import glob from enum import Enum from cryptography import x509 @@ -226,7 +227,7 @@ class TestDataAuditor(Auditor): self.default_files = self.collect_default_files() def collect_default_files(self): - """collect all files in tests/data_files/""" + """Collect all files in tests/data_files/""" test_dir = self.find_test_dir() test_data_folder = os.path.join(test_dir, 'data_files') data_files = [] @@ -235,6 +236,38 @@ class TestDataAuditor(Auditor): for file_name in file_names) return data_files +class SuiteDataAuditor(Auditor): + """Class for auditing files in tests/suites/*.data""" + def __init__(self, options): + super().__init__(options) + self.default_files = self.collect_default_files() + + def collect_default_files(self): + """Collect all files in tests/suites/*.data""" + test_dir = self.find_test_dir() + suites_data_folder = os.path.join(test_dir, 'suites') + # collect all data files in tests/suites (114 in total) + data_files = glob.glob(os.path.join(suites_data_folder, '*.data')) + return data_files + + def parse_file(self, filename: str): + """Parse AuditData from file.""" + with open(filename, 'r') as f: + data = f.read() + audit_data_list = [] + # extract hex strings from the data file. + hex_strings = re.findall(r'"(?P[0-9a-fA-F]+)"', data) + for hex_str in hex_strings: + # We regard hex string with odd number length as invaild data. + if len(hex_str) & 1: + continue + bytes_data = bytes.fromhex(hex_str) + audit_data = self.parse_bytes(bytes_data) + if audit_data is None: + continue + audit_data.filename = filename + audit_data_list.append(audit_data) + return audit_data_list def list_all(audit_data: AuditData): print("{}\t{}\t{}\t{}".format( @@ -265,16 +298,24 @@ def main(): # start main routine td_auditor = TestDataAuditor(args.verbose) + sd_auditor = SuiteDataAuditor(args.verbose) if args.file: data_files = [args.file] + suite_data_files = [args.file] else: data_files = td_auditor.default_files + suite_data_files = sd_auditor.default_files td_auditor.walk_all(data_files) + # TODO: Improve the method for auditing test suite data files + # It takes 6 times longer than td_auditor.walk_all(), + # typically 0.827 s VS 0.147 s. + sd_auditor.walk_all(suite_data_files) if args.all: td_auditor.for_each(list_all) + sd_auditor.for_each(list_all) print("\nDone!\n") From 30f2683d18606bc0501d2a9e4b29f1ee2e2741ac Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 7 Apr 2023 18:04:07 +0800 Subject: [PATCH 062/483] cert_audit: Parse more information from test suite data file Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 126 ++++++++++++++++++++++---- 1 file changed, 107 insertions(+), 19 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 0d1425b28b..5e22bfca90 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -34,6 +34,9 @@ from enum import Enum from cryptography import x509 +# reuse the function to parse *.data file in tests/suites/ +from generate_test_code import parse_test_data as parse_suite_data + class DataType(Enum): CRT = 1 # Certificate CRL = 2 # Certificate Revocation List @@ -129,6 +132,32 @@ class X509Parser(): else: return "" + @staticmethod + def check_hex_string(hex_str: str) -> bool: + """Check if the hex string is possibly DER data.""" + hex_len = len(hex_str) + # At least 6 hex char for 3 bytes: Type + Length + Content + if hex_len < 6: + return False + # Check if Type (1 byte) is SEQUENCE. + if hex_str[0:2] != '30': + return False + # Check LENGTH (1 byte) value + content_len = int(hex_str[2:4], base=16) + consumed = 4 + if content_len in (128, 255): + # Indefinite or Reserved + return False + elif content_len > 127: + # Definite, Long + length_len = (content_len - 128) * 2 + content_len = int(hex_str[consumed:consumed+length_len], base=16) + consumed += length_len + # Check LENGTH + if hex_len != content_len * 2 + consumed: + return False + return True + class Auditor: """A base class for audit.""" def __init__(self, verbose): @@ -236,6 +265,64 @@ class TestDataAuditor(Auditor): for file_name in file_names) return data_files +class FileWrapper(): + """ + This a stub class of generate_test_code.FileWrapper. + + This class reads the whole file to memory before iterating + over the lines. + """ + + def __init__(self, file_name): + """ + Read the file and initialize the line number to 0. + + :param file_name: File path to open. + """ + with open(file_name, 'rb') as f: + self.buf = f.read() + self.buf_len = len(self.buf) + self._line_no = 0 + self._line_start = 0 + + def __iter__(self): + """Make the class iterable.""" + return self + + def __next__(self): + """ + This method for returning a line of the file per iteration. + + :return: Line read from file. + """ + # If we reach the end of the file. + if not self._line_start < self.buf_len: + raise StopIteration + + line_end = self.buf.find(b'\n', self._line_start) + 1 + if line_end > 0: + # Find the first LF as the end of the new line. + line = self.buf[self._line_start:line_end] + self._line_start = line_end + self._line_no += 1 + else: + # No LF found. We are at the last line without LF. + line = self.buf[self._line_start:] + self._line_start = self.buf_len + self._line_no += 1 + + # Convert byte array to string with correct encoding and + # strip any whitespaces added in the decoding process. + return line.decode(sys.getdefaultencoding()).rstrip() + '\n' + + def get_line_no(self): + """ + Gives current line number. + """ + return self._line_no + + line_no = property(get_line_no) + class SuiteDataAuditor(Auditor): """Class for auditing files in tests/suites/*.data""" def __init__(self, options): @@ -246,27 +333,31 @@ class SuiteDataAuditor(Auditor): """Collect all files in tests/suites/*.data""" test_dir = self.find_test_dir() suites_data_folder = os.path.join(test_dir, 'suites') - # collect all data files in tests/suites (114 in total) data_files = glob.glob(os.path.join(suites_data_folder, '*.data')) return data_files def parse_file(self, filename: str): - """Parse AuditData from file.""" - with open(filename, 'r') as f: - data = f.read() + """ + Parse a list of AuditData from file. + + :param filename: name of the file to parse. + :return list of AuditData parsed from the file. + """ audit_data_list = [] - # extract hex strings from the data file. - hex_strings = re.findall(r'"(?P[0-9a-fA-F]+)"', data) - for hex_str in hex_strings: - # We regard hex string with odd number length as invaild data. - if len(hex_str) & 1: - continue - bytes_data = bytes.fromhex(hex_str) - audit_data = self.parse_bytes(bytes_data) - if audit_data is None: - continue - audit_data.filename = filename - audit_data_list.append(audit_data) + data_f = FileWrapper(filename) + for _, _, _, test_args in parse_suite_data(data_f): + for test_arg in test_args: + match = re.match(r'"(?P[0-9a-fA-F]+)"', test_arg) + if not match: + continue + if not X509Parser.check_hex_string(match.group('data')): + continue + audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) + if audit_data is None: + continue + audit_data.filename = filename + audit_data_list.append(audit_data) + return audit_data_list def list_all(audit_data: AuditData): @@ -308,9 +399,6 @@ def main(): suite_data_files = sd_auditor.default_files td_auditor.walk_all(data_files) - # TODO: Improve the method for auditing test suite data files - # It takes 6 times longer than td_auditor.walk_all(), - # typically 0.827 s VS 0.147 s. sd_auditor.walk_all(suite_data_files) if args.all: From 1a4cc5e92ca8dbffa5606e4da84eb02e1c70e83d Mon Sep 17 00:00:00 2001 From: Mukesh Bharsakle Date: Sat, 8 Apr 2023 15:38:30 +0100 Subject: [PATCH 063/483] updating test-ca.key to use AES instead of DES Signed-off-by: Mukesh Bharsakle --- tests/data_files/test-ca.key | 52 +++++++++++++------------- tests/src/certs.c | 52 +++++++++++++------------- tests/suites/test_suite_pkparse.data | 6 +-- tests/suites/test_suite_x509write.data | 48 ++++++++++++------------ 4 files changed, 79 insertions(+), 79 deletions(-) diff --git a/tests/data_files/test-ca.key b/tests/data_files/test-ca.key index 1614e22bcd..de8be1ddfb 100644 --- a/tests/data_files/test-ca.key +++ b/tests/data_files/test-ca.key @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B +DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314 -9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA -7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq -Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo -PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb -GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9 -gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq -QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w -PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x -vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU -WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X -JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR -KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe -Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J -9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2 -iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/ -tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT -P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL -1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb -nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5 -X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq -rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz -L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l -I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR -wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde -P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2 +etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79 +NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO +bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB +skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV +sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45 +U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G +L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl +UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC +itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM +sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB +/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m +1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV +UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21 +7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG +ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm +cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W +R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts +EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP +90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD +gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR +xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ +0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp +fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX +9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H +PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU -----END RSA PRIVATE KEY----- diff --git a/tests/src/certs.c b/tests/src/certs.c index 8b6b988a7e..1f48570d7e 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -350,33 +350,33 @@ #define TEST_CA_KEY_RSA_PEM \ "-----BEGIN RSA PRIVATE KEY-----\r\n" \ "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ + "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ "\r\n" \ - "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ - "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ - "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ - "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ - "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ - "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ - "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ - "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ - "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ - "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ - "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ - "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ - "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ - "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ - "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ - "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ - "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ - "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ - "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ - "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ - "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ - "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ - "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ - "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ - "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ + "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ + "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ + "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ + "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ + "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ + "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ + "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ + "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ + "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ + "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ + "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ + "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ + "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ + "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ + "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ + "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ + "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ + "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ + "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ + "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ + "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ + "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ + "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ + "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ + "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 4ea75a175e..c07cb0d034 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,13 +1,13 @@ Parse RSA Key #1 (No password when required) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C +depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index bb40029bb9..b165027082 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -59,99 +59,99 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_SECP25 x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, not before 2050, not after 2059 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt" Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt" Certificate write check Server5 ECDSA From ebf011f43eefb4fba2f9ece9c3859e8474d5f484 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 11 Apr 2023 13:39:31 +0800 Subject: [PATCH 064/483] cert_audit: Introduce not-[before|after] option Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 37 ++++++++++++++++++--------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 5e22bfca90..85c0bd9dd3 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -26,7 +26,6 @@ import os import sys import re import typing -import types import argparse import datetime import glob @@ -227,15 +226,6 @@ class Auditor: data_list = self.parse_file(filename) self.audit_data.extend(data_list) - def for_each(self, do, *args, **kwargs): - """ - Sort the audit data and iterate over them. - """ - if not isinstance(do, types.FunctionType): - return - for d in self.audit_data: - do(d, *args, **kwargs) - @staticmethod def find_test_dir(): """Get the relative path for the MbedTLS test directory.""" @@ -381,6 +371,12 @@ def main(): parser.add_argument('-v', '--verbose', action='store_true', dest='verbose', help='Show warnings') + parser.add_argument('--not-before', dest='not_before', + help='not valid before this date(UTC), YYYY-MM-DD', + metavar='DATE') + parser.add_argument('--not-after', dest='not_after', + help='not valid after this date(UTC), YYYY-MM-DD', + metavar='DATE') parser.add_argument('-f', '--file', dest='file', help='file to audit (Debug only)', metavar='FILE') @@ -398,12 +394,29 @@ def main(): data_files = td_auditor.default_files suite_data_files = sd_auditor.default_files + if args.not_before: + not_before_date = datetime.datetime.fromisoformat(args.not_before) + else: + not_before_date = datetime.datetime.today() + if args.not_after: + not_after_date = datetime.datetime.fromisoformat(args.not_after) + else: + not_after_date = not_before_date + td_auditor.walk_all(data_files) sd_auditor.walk_all(suite_data_files) + audit_results = td_auditor.audit_data + sd_auditor.audit_data + + # we filter out the files whose validity duration covers the provide + # duration. + filter_func = lambda d: (not_before_date < d.not_valid_before) or \ + (d.not_valid_after < not_after_date) if args.all: - td_auditor.for_each(list_all) - sd_auditor.for_each(list_all) + filter_func = None + + for d in filter(filter_func, audit_results): + list_all(d) print("\nDone!\n") From cb8fc3275a96985373db400821185de139b20f93 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 11 Apr 2023 15:05:29 +0800 Subject: [PATCH 065/483] cert_audit: Fill validity dates in AuditData constructor Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 85c0bd9dd3..472041e168 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -48,11 +48,10 @@ class DataFormat(Enum): class AuditData: """Store file, type and expiration date for audit.""" #pylint: disable=too-few-public-methods - def __init__(self, data_type: DataType): + def __init__(self, data_type: DataType, x509_obj): self.data_type = data_type self.filename = "" - self.not_valid_after: datetime.datetime - self.not_valid_before: datetime.datetime + self.fill_validity_duration(x509_obj) def fill_validity_duration(self, x509_obj): """Fill expiration_date field from a x509 object""" @@ -211,8 +210,7 @@ class Auditor: result = None self.warn(val_error) if result is not None: - audit_data = AuditData(data_type) - audit_data.fill_validity_duration(result) + audit_data = AuditData(data_type, result) return audit_data return None From 3179232211a39b27e341c21b1d1165773168234a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 11 Apr 2023 16:30:54 +0800 Subject: [PATCH 066/483] cert_audit: Disable pylint error for importing cryptography This is to make CI happy. The script requires cryptography >= 35.0.0, which is only available for Python >= 3.6. But both ubuntu-16.04 and Travis CI are using Python 3.5.x. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 472041e168..3f19870309 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -31,7 +31,10 @@ import datetime import glob from enum import Enum -from cryptography import x509 +# The script requires cryptography >= 35.0.0 which is only available +# for Python >= 3.6. Disable the pylint error here until we were +# using modern system on our CI. +from cryptography import x509 #pylint: disable=import-error # reuse the function to parse *.data file in tests/suites/ from generate_test_code import parse_test_data as parse_suite_data From b17f6a211daa6df3d7783f9a1373ba21fe8ca117 Mon Sep 17 00:00:00 2001 From: Mukesh Bharsakle Date: Wed, 12 Apr 2023 00:05:45 +0100 Subject: [PATCH 067/483] Updating makefile to document key generation Signed-off-by: Mukesh Bharsakle --- tests/data_files/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 4228f45822..c23db51b14 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -41,6 +41,10 @@ test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf +$(test_ca_key_file_rsa):$(test_ca_pwd_rsa) + $(OPENSSL) genrsa -aes-128-cbc -passout pass:$< -out $@ 2048 +all_final += $(test_ca_key_file_rsa) + test-ca.req.sha256: $(test_ca_key_file_rsa) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 all_intermediate += test-ca.req.sha256 From 57240958ed3f915421145bc7454598715577cefb Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 13 Apr 2023 14:42:37 +0800 Subject: [PATCH 068/483] cert_audit: Make FILE as positional argument Make FILE as positional argument so that we can pass multiple files to the script. This commit also contains some help message improvements. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 32 +++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 3f19870309..577179d0b4 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -15,11 +15,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -"""Audit validity date of X509 crt/crl/csr +"""Audit validity date of X509 crt/crl/csr. This script is used to audit the validity date of crt/crl/csr used for testing. -The files are in tests/data_files/ while some data are in test suites data in -tests/suites/*.data files. +It prints the information of X509 data whose validity duration does not cover +the provided validity duration. The data are collected from tests/data_files/ +and tests/suites/*.data files by default. """ import os @@ -362,24 +363,23 @@ def main(): """ Perform argument parsing. """ - parser = argparse.ArgumentParser( - description='Audit script for X509 crt/crl/csr files.' - ) + parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('-a', '--all', action='store_true', - help='list the information of all files') + help='list the information of all the files') parser.add_argument('-v', '--verbose', action='store_true', dest='verbose', - help='Show warnings') + help='show warnings') parser.add_argument('--not-before', dest='not_before', - help='not valid before this date(UTC), YYYY-MM-DD', + help=('not valid before this date (UTC, YYYY-MM-DD). ' + 'Default: today'), metavar='DATE') parser.add_argument('--not-after', dest='not_after', - help='not valid after this date(UTC), YYYY-MM-DD', + help=('not valid after this date (UTC, YYYY-MM-DD). ' + 'Default: not-before'), metavar='DATE') - parser.add_argument('-f', '--file', dest='file', - help='file to audit (Debug only)', + parser.add_argument('files', nargs='*', help='files to audit', metavar='FILE') args = parser.parse_args() @@ -388,9 +388,9 @@ def main(): td_auditor = TestDataAuditor(args.verbose) sd_auditor = SuiteDataAuditor(args.verbose) - if args.file: - data_files = [args.file] - suite_data_files = [args.file] + if args.files: + data_files = args.files + suite_data_files = args.files else: data_files = td_auditor.default_files suite_data_files = sd_auditor.default_files @@ -408,7 +408,7 @@ def main(): sd_auditor.walk_all(suite_data_files) audit_results = td_auditor.audit_data + sd_auditor.audit_data - # we filter out the files whose validity duration covers the provide + # we filter out the files whose validity duration covers the provided # duration. filter_func = lambda d: (not_before_date < d.not_valid_before) or \ (d.not_valid_after < not_after_date) From 7725c1d2a9fe334926a83d3f81b444338f36628e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 13 Apr 2023 15:55:30 +0800 Subject: [PATCH 069/483] cert_audit: Output line/argument number for *.data files Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 577179d0b4..537cf40f02 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -338,7 +338,7 @@ class SuiteDataAuditor(Auditor): audit_data_list = [] data_f = FileWrapper(filename) for _, _, _, test_args in parse_suite_data(data_f): - for test_arg in test_args: + for idx, test_arg in enumerate(test_args): match = re.match(r'"(?P[0-9a-fA-F]+)"', test_arg) if not match: continue @@ -347,7 +347,9 @@ class SuiteDataAuditor(Auditor): audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) if audit_data is None: continue - audit_data.filename = filename + audit_data.filename = "{}:{}:{}".format(filename, + data_f.line_no, + idx + 1) audit_data_list.append(audit_data) return audit_data_list From 9a7a725ee7f4a57565b43e73ba7481dc8c04fa15 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 17 Apr 2023 16:06:57 +0200 Subject: [PATCH 070/483] Fix code style Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 9fb449939b..c373913c47 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -649,7 +649,7 @@ static int x509_get_authority_key_id(unsigned char **p, authority_key_id->keyIdentifier.p = *p; /* Setting tag of the keyIdentfier intentionally to 0x04. * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), - * its tag with the content is the payload of on OCTET STRING primitive */ + * its tag with the content is the payload of on OCTET STRING primitive */ authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; *p += len; @@ -673,8 +673,7 @@ static int x509_get_authority_key_id(unsigned char **p, /* Getting authorityCertSerialNumber using the required specific class tag [2] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | - 2)) != - 0) { + 2)) != 0) { /* authorityCertSerialNumber is an OPTIONAL field */ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { From f8e5e059c53b85d7eff848c382bec38453acd53e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 18 Apr 2023 15:43:25 +0800 Subject: [PATCH 071/483] cert_audit: Improve documentation This commit is a collection of improving the documentation in the script: * Restore uppercase in the license header. * Reword the script description. * Reword the docstring of AuditData.fill_validity_duration * Rename AuditData.filename to *.location Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 537cf40f02..9ab8806d64 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -1,11 +1,11 @@ #!/usr/bin/env python3 # -# copyright the mbed tls contributors -# spdx-license-identifier: apache-2.0 +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 # -# licensed under the apache license, version 2.0 (the "license"); you may -# not use this file except in compliance with the license. -# you may obtain a copy of the license at +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # @@ -18,9 +18,9 @@ """Audit validity date of X509 crt/crl/csr. This script is used to audit the validity date of crt/crl/csr used for testing. -It prints the information of X509 data whose validity duration does not cover -the provided validity duration. The data are collected from tests/data_files/ -and tests/suites/*.data files by default. +It would print the information about X.509 data if the validity period of the +X.509 data didn't cover the provided validity period. The data are collected +from tests/data_files/ and tests/suites/*.data files by default. """ import os @@ -50,15 +50,15 @@ class DataFormat(Enum): DER = 2 # Distinguished Encoding Rules class AuditData: - """Store file, type and expiration date for audit.""" + """Store data location, type and validity period of X.509 objects.""" #pylint: disable=too-few-public-methods def __init__(self, data_type: DataType, x509_obj): self.data_type = data_type - self.filename = "" + self.location = "" self.fill_validity_duration(x509_obj) def fill_validity_duration(self, x509_obj): - """Fill expiration_date field from a x509 object""" + """Read validity period from an X.509 object.""" # Certificate expires after "not_valid_after" # Certificate is invalid before "not_valid_before" if self.data_type == DataType.CRT: @@ -76,7 +76,7 @@ class AuditData: else: raise ValueError("Unsupported file_type: {}".format(self.data_type)) -class X509Parser(): +class X509Parser: """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n(?P.*?)-{5}END (?P=type)-{5}\n' PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' @@ -201,7 +201,7 @@ class Auditor: result_list = [] result = self.parse_bytes(data) if result is not None: - result.filename = filename + result.location = filename result_list.append(result) return result_list @@ -347,9 +347,9 @@ class SuiteDataAuditor(Auditor): audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) if audit_data is None: continue - audit_data.filename = "{}:{}:{}".format(filename, - data_f.line_no, - idx + 1) + audit_data.location = "{}:{}:#{}".format(filename, + data_f.line_no, + idx + 1) audit_data_list.append(audit_data) return audit_data_list @@ -359,7 +359,7 @@ def list_all(audit_data: AuditData): audit_data.not_valid_before.isoformat(timespec='seconds'), audit_data.not_valid_after.isoformat(timespec='seconds'), audit_data.data_type.name, - audit_data.filename)) + audit_data.location)) def main(): """ From 8e6794ad56066cfcbd4168ca3d2b92a1cedf2367 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 18 Apr 2023 17:00:47 +0800 Subject: [PATCH 072/483] cert_audit: Code refinement This commit is a collection of code refinements from review comments. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 30 +++++++++++++++------------ 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 9ab8806d64..575da12d0c 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -86,7 +86,12 @@ class X509Parser: DataType.CSR: 'CERTIFICATE REQUEST' } - def __init__(self, backends: dict): + def __init__(self, + backends: + typing.Dict[DataType, + typing.Dict[DataFormat, + typing.Callable[[bytes], object]]]) \ + -> None: self.backends = backends self.__generate_parsers() @@ -122,7 +127,7 @@ class X509Parser: return self.parsers[item] @staticmethod - def pem_data_type(data: bytes) -> str: + def pem_data_type(data: bytes) -> typing.Optional[str]: """Get the tag from the data in PEM format :param data: data to be checked in binary mode. @@ -132,7 +137,7 @@ class X509Parser: if m is not None: return m.group('type').decode('UTF-8') else: - return "" + return None @staticmethod def check_hex_string(hex_str: str) -> bool: @@ -165,6 +170,7 @@ class Auditor: def __init__(self, verbose): self.verbose = verbose self.default_files = [] + # A list to store the parsed audit_data. self.audit_data = [] self.parser = X509Parser({ DataType.CRT: { @@ -198,12 +204,12 @@ class Auditor: """ with open(filename, 'rb') as f: data = f.read() - result_list = [] result = self.parse_bytes(data) if result is not None: result.location = filename - result_list.append(result) - return result_list + return [result] + else: + return [] def parse_bytes(self, data: bytes): """Parse AuditData from bytes.""" @@ -218,11 +224,11 @@ class Auditor: return audit_data return None - def walk_all(self, file_list): + def walk_all(self, file_list: typing.Optional[typing.List[str]] = None): """ Iterate over all the files in the list and get audit data. """ - if not file_list: + if file_list is None: file_list = self.default_files for filename in file_list: data_list = self.parse_file(filename) @@ -250,11 +256,9 @@ class TestDataAuditor(Auditor): def collect_default_files(self): """Collect all files in tests/data_files/""" test_dir = self.find_test_dir() - test_data_folder = os.path.join(test_dir, 'data_files') - data_files = [] - for (dir_path, _, file_names) in os.walk(test_data_folder): - data_files.extend(os.path.join(dir_path, file_name) - for file_name in file_names) + test_data_glob = os.path.join(test_dir, 'data_files/**') + data_files = [f for f in glob.glob(test_data_glob, recursive=True) + if os.path.isfile(f)] return data_files class FileWrapper(): From 7a344dde0f514f06053e6fdffd6ee589d6f498e3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 19 Apr 2023 15:03:20 +0800 Subject: [PATCH 073/483] New implementation for generate_test_code.FileWrapper We get some performance benefit from the Buffered I/O. Signed-off-by: Pengyu Lv --- tests/scripts/generate_test_code.py | 49 ++++++++++++++++++----------- 1 file changed, 31 insertions(+), 18 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index f19d30b61e..347100dbe4 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -163,7 +163,6 @@ __MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE """ -import io import os import re import sys @@ -208,43 +207,57 @@ class GeneratorInputError(Exception): pass -class FileWrapper(io.FileIO): +class FileWrapper: """ - This class extends built-in io.FileIO class with attribute line_no, + This class extends the file object with attribute line_no, that indicates line number for the line that is read. """ - def __init__(self, file_name): + def __init__(self, file_name) -> None: """ - Instantiate the base class and initialize the line number to 0. + Instantiate the file object and initialize the line number to 0. :param file_name: File path to open. """ - super().__init__(file_name, 'r') + # private mix-in file object + self._f = open(file_name, 'rb') self._line_no = 0 + def __iter__(self): + return self + def __next__(self): """ - This method overrides base class's __next__ method and extends it - method to count the line numbers as each line is read. + This method makes FileWrapper iterable. + It counts the line numbers as each line is read. :return: Line read from file. """ - line = super().__next__() - if line is not None: - self._line_no += 1 - # Convert byte array to string with correct encoding and - # strip any whitespaces added in the decoding process. - return line.decode(sys.getdefaultencoding()).rstrip() + '\n' - return None + line = self._f.__next__() + self._line_no += 1 + # Convert byte array to string with correct encoding and + # strip any whitespaces added in the decoding process. + return line.decode(sys.getdefaultencoding()).rstrip()+ '\n' - def get_line_no(self): + def __enter__(self): + return self + + def __exit__(self, exc_type, exc_val, exc_tb): + self._f.__exit__(exc_type, exc_val, exc_tb) + + @property + def line_no(self): """ - Gives current line number. + Property that indicates line number for the line that is read. """ return self._line_no - line_no = property(get_line_no) + @property + def name(self): + """ + Property that indicates name of the file that is read. + """ + return self._f.name def split_dep(dep): From ad30679d9eef4c2c9b761bb12144f158ec120309 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 19 Apr 2023 15:07:03 +0800 Subject: [PATCH 074/483] cert_audit: Reuse generate_test_code.FileWrapper Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 59 +-------------------------- 1 file changed, 1 insertion(+), 58 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 575da12d0c..89a6dd4f57 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -39,6 +39,7 @@ from cryptography import x509 #pylint: disable=import-error # reuse the function to parse *.data file in tests/suites/ from generate_test_code import parse_test_data as parse_suite_data +from generate_test_code import FileWrapper class DataType(Enum): CRT = 1 # Certificate @@ -261,64 +262,6 @@ class TestDataAuditor(Auditor): if os.path.isfile(f)] return data_files -class FileWrapper(): - """ - This a stub class of generate_test_code.FileWrapper. - - This class reads the whole file to memory before iterating - over the lines. - """ - - def __init__(self, file_name): - """ - Read the file and initialize the line number to 0. - - :param file_name: File path to open. - """ - with open(file_name, 'rb') as f: - self.buf = f.read() - self.buf_len = len(self.buf) - self._line_no = 0 - self._line_start = 0 - - def __iter__(self): - """Make the class iterable.""" - return self - - def __next__(self): - """ - This method for returning a line of the file per iteration. - - :return: Line read from file. - """ - # If we reach the end of the file. - if not self._line_start < self.buf_len: - raise StopIteration - - line_end = self.buf.find(b'\n', self._line_start) + 1 - if line_end > 0: - # Find the first LF as the end of the new line. - line = self.buf[self._line_start:line_end] - self._line_start = line_end - self._line_no += 1 - else: - # No LF found. We are at the last line without LF. - line = self.buf[self._line_start:] - self._line_start = self.buf_len - self._line_no += 1 - - # Convert byte array to string with correct encoding and - # strip any whitespaces added in the decoding process. - return line.decode(sys.getdefaultencoding()).rstrip() + '\n' - - def get_line_no(self): - """ - Gives current line number. - """ - return self._line_no - - line_no = property(get_line_no) - class SuiteDataAuditor(Auditor): """Class for auditing files in tests/suites/*.data""" def __init__(self, options): From 861e5d2742ddcdd68ab89e8177aa85381eb12ff0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 19 Apr 2023 18:15:51 +0100 Subject: [PATCH 075/483] Change to using an alloc-realloc strategy Allocate enough memory to guarantee we can store the OID, encode into the buffer, then realloc and copy into a buffer of exactly the right size. Signed-off-by: David Horstmann --- library/oid.c | 119 +++++++++++++++++++++++++------------------------- 1 file changed, 60 insertions(+), 59 deletions(-) diff --git a/library/oid.c b/library/oid.c index 3c27bfc732..139a707c8e 100644 --- a/library/oid.c +++ b/library/oid.c @@ -951,111 +951,112 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_ptr = oid_str; const char *str_bound = oid_str + size; unsigned int val = 0; - size_t encoded_len; unsigned int component1, component2; - /* First pass - parse the string to get the length of buffer required */ + /* Count the number of dots to get a worst-case allocation size. */ + size_t num_dots = 0; + for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { + if (oid_str[i] == '.') { + num_dots++; + } + } + /* Allocate maximum possible required memory: + * There are (num_dots + 1) integer components, but the first 2 share the + * same subidentifier, so we only need num_dots subidentifiers maximum. */ + if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + size_t max_possible_bytes = num_dots * sizeof(unsigned int); + oid->p = mbedtls_calloc(max_possible_bytes, 1); + if (oid->p == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + unsigned char *out_ptr = oid->p; + unsigned char *out_bound = oid->p + max_possible_bytes; ret = oid_parse_number(&component1, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if (component1 > 2) { /* First component can't be > 2 */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } if (str_ptr >= str_bound || *str_ptr != '.') { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } str_ptr++; ret = oid_parse_number(&component2, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if ((component1 < 2) && (component2 > 39)) { /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { str_ptr++; } else { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } } if ((UINT_MAX - component2) <= (component1 * 40)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, + (component1 * 40) + component2); + if (ret != 0) { + goto error; } - encoded_len = oid_subidentifier_num_bytes((component1 * 40) + component2); while (str_ptr < str_bound && *str_ptr != '\0') { - oid_parse_number(&val, &str_ptr, str_bound); + ret = oid_parse_number(&val, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { str_ptr++; } else { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } } - size_t num_bytes = oid_subidentifier_num_bytes(val); - if ((SIZE_MAX - encoded_len) <= num_bytes) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - encoded_len += num_bytes; - } - - oid->p = mbedtls_calloc(encoded_len, 1); - if (oid->p == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - oid->len = encoded_len; - - /* Second pass - now that we've allocated the buffer, go back to the - * start and encode */ - - str_ptr = oid_str; - unsigned char *out_ptr = oid->p; - unsigned char *out_bound = oid->p + oid->len; - - /* No need to do validation this time, as we did it on the first pass */ - oid_parse_number(&component1, &str_ptr, str_bound); - /* Skip past the '.' */ - str_ptr++; - oid_parse_number(&component2, &str_ptr, str_bound); - /* Skip past the '.' */ - str_ptr++; - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, - (component1 * 40) + component2); - if (ret != 0) { - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; - } - while (str_ptr < str_bound && *str_ptr != '\0') { - oid_parse_number(&val, &str_ptr, str_bound); - if (str_ptr < str_bound && *str_ptr == '.') { - /* Skip past the '.' */ - str_ptr++; - } - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); if (ret != 0) { - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; + goto error; } } + + size_t encoded_len = out_ptr - oid->p; + unsigned char *minimum_mem = mbedtls_calloc(encoded_len, 1); + if (minimum_mem == NULL) { + ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; + goto error; + } + memcpy(minimum_mem, oid->p, encoded_len); + mbedtls_free(oid->p); + oid->p = minimum_mem; + oid->len = encoded_len; + oid->tag = MBEDTLS_ASN1_OID; return 0; + +error: + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; } #endif /* MBEDTLS_OID_C */ From fcda6d4f51cc2c67c8567d427a8c52bafda7b3a7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 21 Apr 2023 11:04:07 +0800 Subject: [PATCH 076/483] cert_audit: Enable logging module Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 61 ++++++++++++++++++++------- 1 file changed, 46 insertions(+), 15 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 89a6dd4f57..4000668409 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -30,6 +30,7 @@ import typing import argparse import datetime import glob +import logging from enum import Enum # The script requires cryptography >= 35.0.0 which is only available @@ -168,8 +169,8 @@ class X509Parser: class Auditor: """A base class for audit.""" - def __init__(self, verbose): - self.verbose = verbose + def __init__(self, logger): + self.logger = logger self.default_files = [] # A list to store the parsed audit_data. self.audit_data = [] @@ -188,14 +189,6 @@ class Auditor: }, }) - def error(self, *args): - #pylint: disable=no-self-use - print("Error: ", *args, file=sys.stderr) - - def warn(self, *args): - if self.verbose: - print("Warn: ", *args, file=sys.stderr) - def parse_file(self, filename: str) -> typing.List[AuditData]: """ Parse a list of AuditData from file. @@ -219,7 +212,7 @@ class Auditor: result = self.parser[data_type](data) except ValueError as val_error: result = None - self.warn(val_error) + self.logger.warning(val_error) if result is not None: audit_data = AuditData(data_type, result) return audit_data @@ -308,6 +301,39 @@ def list_all(audit_data: AuditData): audit_data.data_type.name, audit_data.location)) + +def configure_logger(logger: logging.Logger) -> None: + """ + Configure the logging.Logger instance so that: + - Format is set to "[%(levelname)s]: %(message)s". + - loglevel >= WARNING are printed to stderr. + - loglevel < WARNING are printed to stdout. + """ + class MaxLevelFilter(logging.Filter): + # pylint: disable=too-few-public-methods + def __init__(self, max_level, name=''): + super().__init__(name) + self.max_level = max_level + + def filter(self, record: logging.LogRecord) -> bool: + return record.levelno <= self.max_level + + log_formatter = logging.Formatter("[%(levelname)s]: %(message)s") + + # set loglevel >= WARNING to be printed to stderr + stderr_hdlr = logging.StreamHandler(sys.stderr) + stderr_hdlr.setLevel(logging.WARNING) + stderr_hdlr.setFormatter(log_formatter) + + # set loglevel <= INFO to be printed to stdout + stdout_hdlr = logging.StreamHandler(sys.stdout) + stdout_hdlr.addFilter(MaxLevelFilter(logging.INFO)) + stdout_hdlr.setFormatter(log_formatter) + + logger.addHandler(stderr_hdlr) + logger.addHandler(stdout_hdlr) + + def main(): """ Perform argument parsing. @@ -319,7 +345,7 @@ def main(): help='list the information of all the files') parser.add_argument('-v', '--verbose', action='store_true', dest='verbose', - help='show warnings') + help='show logs') parser.add_argument('--not-before', dest='not_before', help=('not valid before this date (UTC, YYYY-MM-DD). ' 'Default: today'), @@ -334,8 +360,13 @@ def main(): args = parser.parse_args() # start main routine - td_auditor = TestDataAuditor(args.verbose) - sd_auditor = SuiteDataAuditor(args.verbose) + # setup logger + logger = logging.getLogger() + configure_logger(logger) + logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR) + + td_auditor = TestDataAuditor(logger) + sd_auditor = SuiteDataAuditor(logger) if args.files: data_files = args.files @@ -368,7 +399,7 @@ def main(): for d in filter(filter_func, audit_results): list_all(d) - print("\nDone!\n") + logger.debug("Done!") if __name__ == "__main__": main() From a228cbceccf35ccb6de1b4946b5e211936b3b98d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 21 Apr 2023 11:59:25 +0800 Subject: [PATCH 077/483] cert_audit: Add data-files and suite-data-files options The commit adds '--data-files' and '--suite-data-files' options so that we could pass names for the two types of files separately. Additionally, the commit improves the documentation in the script. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 4000668409..d74c6f826d 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -171,9 +171,9 @@ class Auditor: """A base class for audit.""" def __init__(self, logger): self.logger = logger - self.default_files = [] + self.default_files = [] # type: typing.List[str] # A list to store the parsed audit_data. - self.audit_data = [] + self.audit_data = [] # type: typing.List[AuditData] self.parser = X509Parser({ DataType.CRT: { DataFormat.PEM: x509.load_pem_x509_certificate, @@ -354,7 +354,11 @@ def main(): help=('not valid after this date (UTC, YYYY-MM-DD). ' 'Default: not-before'), metavar='DATE') - parser.add_argument('files', nargs='*', help='files to audit', + parser.add_argument('--data-files', action='append', nargs='*', + help='data files to audit', + metavar='FILE') + parser.add_argument('--suite-data-files', action='append', nargs='*', + help='suite data files to audit', metavar='FILE') args = parser.parse_args() @@ -368,22 +372,29 @@ def main(): td_auditor = TestDataAuditor(logger) sd_auditor = SuiteDataAuditor(logger) - if args.files: - data_files = args.files - suite_data_files = args.files - else: + data_files = [] + suite_data_files = [] + if args.data_files is None and args.suite_data_files is None: data_files = td_auditor.default_files suite_data_files = sd_auditor.default_files + else: + if args.data_files is not None: + data_files = [x for l in args.data_files for x in l] + if args.suite_data_files is not None: + suite_data_files = [x for l in args.suite_data_files for x in l] + # validity period start date if args.not_before: not_before_date = datetime.datetime.fromisoformat(args.not_before) else: not_before_date = datetime.datetime.today() + # validity period end date if args.not_after: not_after_date = datetime.datetime.fromisoformat(args.not_after) else: not_after_date = not_before_date + # go through all the files td_auditor.walk_all(data_files) sd_auditor.walk_all(suite_data_files) audit_results = td_auditor.audit_data + sd_auditor.audit_data @@ -396,6 +407,7 @@ def main(): if args.all: filter_func = None + # filter and output the results for d in filter(filter_func, audit_results): list_all(d) From 2d487217cd380c202ad002d5548d5d57391fb3ae Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 21 Apr 2023 12:41:24 +0800 Subject: [PATCH 078/483] cert_audit: Improve the method to find tests folder Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index d74c6f826d..09559dc98a 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -42,15 +42,20 @@ from cryptography import x509 #pylint: disable=import-error from generate_test_code import parse_test_data as parse_suite_data from generate_test_code import FileWrapper +import scripts_path # pylint: disable=unused-import +from mbedtls_dev import build_tree + class DataType(Enum): CRT = 1 # Certificate CRL = 2 # Certificate Revocation List CSR = 3 # Certificate Signing Request + class DataFormat(Enum): PEM = 1 # Privacy-Enhanced Mail DER = 2 # Distinguished Encoding Rules + class AuditData: """Store data location, type and validity period of X.509 objects.""" #pylint: disable=too-few-public-methods @@ -78,6 +83,7 @@ class AuditData: else: raise ValueError("Unsupported file_type: {}".format(self.data_type)) + class X509Parser: """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n(?P.*?)-{5}END (?P=type)-{5}\n' @@ -167,6 +173,7 @@ class X509Parser: return False return True + class Auditor: """A base class for audit.""" def __init__(self, logger): @@ -231,15 +238,8 @@ class Auditor: @staticmethod def find_test_dir(): """Get the relative path for the MbedTLS test directory.""" - if os.path.isdir('tests'): - tests_dir = 'tests' - elif os.path.isdir('suites'): - tests_dir = '.' - elif os.path.isdir('../suites'): - tests_dir = '..' - else: - raise Exception("Mbed TLS source tree not found") - return tests_dir + return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests') + class TestDataAuditor(Auditor): """Class for auditing files in tests/data_files/""" @@ -255,6 +255,7 @@ class TestDataAuditor(Auditor): if os.path.isfile(f)] return data_files + class SuiteDataAuditor(Auditor): """Class for auditing files in tests/suites/*.data""" def __init__(self, options): @@ -294,6 +295,7 @@ class SuiteDataAuditor(Auditor): return audit_data_list + def list_all(audit_data: AuditData): print("{}\t{}\t{}\t{}".format( audit_data.not_valid_before.isoformat(timespec='seconds'), From 28fe957239904aae39d6680f1d8db054d7e31ae6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Sun, 23 Apr 2023 13:56:25 +0800 Subject: [PATCH 079/483] cert_audit: Add simple parser of suite data file Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 29 ++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 09559dc98a..ea67959049 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -38,8 +38,6 @@ from enum import Enum # using modern system on our CI. from cryptography import x509 #pylint: disable=import-error -# reuse the function to parse *.data file in tests/suites/ -from generate_test_code import parse_test_data as parse_suite_data from generate_test_code import FileWrapper import scripts_path # pylint: disable=unused-import @@ -256,6 +254,31 @@ class TestDataAuditor(Auditor): return data_files +def parse_suite_data(data_f): + """ + Parses .data file for test arguments that possiblly have a + valid X.509 data. If you need a more precise parser, please + use generate_test_code.parse_test_data instead. + + :param data_f: file object of the data file. + :return: Generator that yields test function argument list. + """ + for line in data_f: + line = line.strip() + # Skip comments + if line.startswith('#'): + continue + + # Check parameters line + match = re.search(r'\A\w+(.*:)?\"', line) + if match: + # Read test vectors + parts = re.split(r'(?[0-9a-fA-F]+)"', test_arg) if not match: From c34b9ac18cdfa8088e34a7be69dfd4b6a57322b8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Sun, 23 Apr 2023 14:51:18 +0800 Subject: [PATCH 080/483] cert_audit: Clarify the abstraction of Auditor Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 64 ++++++++++++++++++--------- 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index ea67959049..1517babb85 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -173,10 +173,25 @@ class X509Parser: class Auditor: - """A base class for audit.""" + """ + A base class that uses X509Parser to parse files to a list of AuditData. + + A subclass must implement the following methods: + - collect_default_files: Return a list of file names that are defaultly + used for parsing (auditing). The list will be stored in + Auditor.default_files. + - parse_file: Method that parses a single file to a list of AuditData. + + A subclass may override the following methods: + - parse_bytes: Defaultly, it parses `bytes` that contains only one valid + X.509 data(DER/PEM format) to an X.509 object. + - walk_all: Defaultly, it iterates over all the files in the provided + file name list, calls `parse_file` for each file and stores the results + by extending Auditor.audit_data. + """ def __init__(self, logger): self.logger = logger - self.default_files = [] # type: typing.List[str] + self.default_files = self.collect_default_files() # A list to store the parsed audit_data. self.audit_data = [] # type: typing.List[AuditData] self.parser = X509Parser({ @@ -194,6 +209,10 @@ class Auditor: }, }) + def collect_default_files(self) -> typing.List[str]: + """Collect the default files for parsing.""" + raise NotImplementedError + def parse_file(self, filename: str) -> typing.List[AuditData]: """ Parse a list of AuditData from file. @@ -201,14 +220,7 @@ class Auditor: :param filename: name of the file to parse. :return list of AuditData parsed from the file. """ - with open(filename, 'rb') as f: - data = f.read() - result = self.parse_bytes(data) - if result is not None: - result.location = filename - return [result] - else: - return [] + raise NotImplementedError def parse_bytes(self, data: bytes): """Parse AuditData from bytes.""" @@ -240,19 +252,32 @@ class Auditor: class TestDataAuditor(Auditor): - """Class for auditing files in tests/data_files/""" - def __init__(self, verbose): - super().__init__(verbose) - self.default_files = self.collect_default_files() + """Class for auditing files in `tests/data_files/`""" def collect_default_files(self): - """Collect all files in tests/data_files/""" + """Collect all files in `tests/data_files/`""" test_dir = self.find_test_dir() test_data_glob = os.path.join(test_dir, 'data_files/**') data_files = [f for f in glob.glob(test_data_glob, recursive=True) if os.path.isfile(f)] return data_files + def parse_file(self, filename: str) -> typing.List[AuditData]: + """ + Parse a list of AuditData from data file. + + :param filename: name of the file to parse. + :return list of AuditData parsed from the file. + """ + with open(filename, 'rb') as f: + data = f.read() + result = self.parse_bytes(data) + if result is not None: + result.location = filename + return [result] + else: + return [] + def parse_suite_data(data_f): """ @@ -280,13 +305,10 @@ def parse_suite_data(data_f): class SuiteDataAuditor(Auditor): - """Class for auditing files in tests/suites/*.data""" - def __init__(self, options): - super().__init__(options) - self.default_files = self.collect_default_files() + """Class for auditing files in `tests/suites/*.data`""" def collect_default_files(self): - """Collect all files in tests/suites/*.data""" + """Collect all files in `tests/suites/*.data`""" test_dir = self.find_test_dir() suites_data_folder = os.path.join(test_dir, 'suites') data_files = glob.glob(os.path.join(suites_data_folder, '*.data')) @@ -294,7 +316,7 @@ class SuiteDataAuditor(Auditor): def parse_file(self, filename: str): """ - Parse a list of AuditData from file. + Parse a list of AuditData from test suite data file. :param filename: name of the file to parse. :return list of AuditData parsed from the file. From f4194944e8715f12140003214526e3ab998525f2 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 24 Apr 2023 09:52:17 +0200 Subject: [PATCH 081/483] Use do-while(0) format in macros Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c373913c47..e41cbbe457 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1668,20 +1668,24 @@ cleanup: #endif /* MBEDTLS_FS_IO */ #if !defined(MBEDTLS_X509_REMOVE_INFO) -#define PRINT_ITEM(i) \ - { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } +#define PRINT_ITEM(i) \ + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) -#define CERT_TYPE(type, name) \ - if (ns_cert_type & (type)) \ - PRINT_ITEM(name); +#define CERT_TYPE(type, name) \ + do { \ + if (ns_cert_type & (type)) \ + PRINT_ITEM(name); \ + } while (0) -#define KEY_USAGE(code, name) \ - if (key_usage & (code)) \ - PRINT_ITEM(name); +#define KEY_USAGE(code, name) \ + do { \ + if (key_usage & (code)) \ + PRINT_ITEM(name); \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) From 94cf710edcf406c35d1c0c66560c9fe293667132 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 24 Apr 2023 16:35:40 +0200 Subject: [PATCH 082/483] Revert increase of MEMORY_HEAP_SIZE in ssl_client2 Signed-off-by: Przemek Stekiel --- programs/ssl/ssl_client2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2a9a7fe84e..13edf46d7e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -41,7 +41,7 @@ int main(void) /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ -#define MEMORY_HEAP_SIZE 180000 +#define MEMORY_HEAP_SIZE 120000 #define MAX_REQUEST_SIZE 20000 #define MAX_REQUEST_SIZE_STR "20000" From 1381598aa3c0471cff3ef183dad66a561028e8ad Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 25 Apr 2023 14:55:38 +0800 Subject: [PATCH 083/483] cert_audit: Check the version of cryptography The script requires cryptography >= 35.0.0, we need to check the version and provide meaningful error message when the package version was too old. Signed-off-by: Pengyu Lv --- scripts/ci.requirements.txt | 5 +++++ tests/scripts/audit-validity-dates.py | 13 ++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 1ad983fa93..ac9c25acf4 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -10,3 +10,8 @@ pylint == 2.4.4 # Use the earliest version of mypy that works with our code base. # See https://github.com/Mbed-TLS/mbedtls/pull/3953 . mypy >= 0.780 + +# Install cryptography to avoid import-error reported by pylint. +# What we really need is cryptography >= 35.0.0, which is only +# available for Python >= 3.6. +cryptography # >= 35.0.0 diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 1517babb85..5947774084 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -34,15 +34,21 @@ import logging from enum import Enum # The script requires cryptography >= 35.0.0 which is only available -# for Python >= 3.6. Disable the pylint error here until we were -# using modern system on our CI. -from cryptography import x509 #pylint: disable=import-error +# for Python >= 3.6. +import cryptography +from cryptography import x509 from generate_test_code import FileWrapper import scripts_path # pylint: disable=unused-import from mbedtls_dev import build_tree +def check_cryptography_version(): + match = re.match(r'^[0-9]+', cryptography.__version__) + if match is None or int(match[0]) < 35: + raise Exception("audit-validity-dates requires cryptography >= 35.0.0" + + "({} is too old)".format(cryptography.__version__)) + class DataType(Enum): CRT = 1 # Certificate CRL = 2 # Certificate Revocation List @@ -460,5 +466,6 @@ def main(): logger.debug("Done!") +check_cryptography_version() if __name__ == "__main__": main() From 1d4cc917cea1abc710e96465e4e6aa7f6296c738 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 25 Apr 2023 15:17:19 +0800 Subject: [PATCH 084/483] cert_audit: Reword the options and their descriptions Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 30 +++++++++++++-------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 5947774084..1ccfc2188f 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -18,8 +18,8 @@ """Audit validity date of X509 crt/crl/csr. This script is used to audit the validity date of crt/crl/csr used for testing. -It would print the information about X.509 data if the validity period of the -X.509 data didn't cover the provided validity period. The data are collected +It prints the information about X.509 objects excluding the objects that +are valid throughout the desired validity period. The data are collected from tests/data_files/ and tests/suites/*.data files by default. """ @@ -399,13 +399,13 @@ def main(): parser.add_argument('-v', '--verbose', action='store_true', dest='verbose', help='show logs') - parser.add_argument('--not-before', dest='not_before', - help=('not valid before this date (UTC, YYYY-MM-DD). ' + parser.add_argument('--from', dest='start_date', + help=('Start of desired validity period (UTC, YYYY-MM-DD). ' 'Default: today'), metavar='DATE') - parser.add_argument('--not-after', dest='not_after', - help=('not valid after this date (UTC, YYYY-MM-DD). ' - 'Default: not-before'), + parser.add_argument('--to', dest='end_date', + help=('End of desired validity period (UTC, YYYY-MM-DD). ' + 'Default: --from'), metavar='DATE') parser.add_argument('--data-files', action='append', nargs='*', help='data files to audit', @@ -437,15 +437,15 @@ def main(): suite_data_files = [x for l in args.suite_data_files for x in l] # validity period start date - if args.not_before: - not_before_date = datetime.datetime.fromisoformat(args.not_before) + if args.start_date: + start_date = datetime.datetime.fromisoformat(args.start_date) else: - not_before_date = datetime.datetime.today() + start_date = datetime.datetime.today() # validity period end date - if args.not_after: - not_after_date = datetime.datetime.fromisoformat(args.not_after) + if args.end_date: + end_date = datetime.datetime.fromisoformat(args.end_date) else: - not_after_date = not_before_date + end_date = start_date # go through all the files td_auditor.walk_all(data_files) @@ -454,8 +454,8 @@ def main(): # we filter out the files whose validity duration covers the provided # duration. - filter_func = lambda d: (not_before_date < d.not_valid_before) or \ - (d.not_valid_after < not_after_date) + filter_func = lambda d: (start_date < d.not_valid_before) or \ + (d.not_valid_after < end_date) if args.all: filter_func = None From ad808dd5f1ef7d418b83ab735107ee412aa86c23 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Apr 2023 12:18:41 +0100 Subject: [PATCH 085/483] bignum_core: Extracted mbedtls_mpi_shift_l from prototype Signed-off-by: Minos Galanakis --- library/bignum_core.c | 48 +++++++++++++++++++++++++++++++++++++++++++ library/bignum_core.h | 12 +++++++++++ 2 files changed, 60 insertions(+) diff --git a/library/bignum_core.c b/library/bignum_core.c index c6d92fb061..26aff15f16 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -353,6 +353,54 @@ void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs, } } +int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t i, v0, t1; + mbedtls_mpi_uint r0 = 0, r1; + MPI_VALIDATE_RET( X != NULL ); + + v0 = count / (biL ); + t1 = count & (biL - 1); + + i = mbedtls_mpi_bitlen( X ) + count; + + if( X->n * biL < i ) + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + + ret = 0; + + /* + * shift by count / limb_size + */ + if( v0 > 0 ) + { + for( i = X->n; i > v0; i-- ) + X->p[i - 1] = X->p[i - v0 - 1]; + + for( ; i > 0; i-- ) + X->p[i - 1] = 0; + } + + /* + * shift by count % limb_size + */ + if( t1 > 0 ) + { + for( i = v0; i < X->n; i++ ) + { + r1 = X->p[i] >> (biL - t1); + X->p[i] <<= t1; + X->p[i] |= r0; + r0 = r1; + } + } + +cleanup: + + return( ret ); +} + mbedtls_mpi_uint mbedtls_mpi_core_add(mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, const mbedtls_mpi_uint *B, diff --git a/library/bignum_core.h b/library/bignum_core.h index b3d05a34ef..25e7e1a6be 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -293,6 +293,18 @@ int mbedtls_mpi_core_write_be(const mbedtls_mpi_uint *A, void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs, size_t count); +/** + * \brief Perform a left-shift on an MPI: X <<= count + * + * \param X The MPI to shift. This must point to an initialized MPI. + * \param count The number of bits to shift by. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return Another negative error code on different kinds of failure. + */ +int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); + /** * \brief Add two fixed-size large unsigned integers, returning the carry. * From ec09e2525147cb7cf7c82df3a8e1aa69dd62fcf1 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 20 Apr 2023 14:22:16 +0100 Subject: [PATCH 086/483] bignum_core: Aligned `xxx_core_shift_l` to `xxx_core_shift_r` This patch modifies the left-shift implementation to closely align in interface and behaviour to the existing right-shift method. Signed-off-by: Minos Galanakis --- library/bignum_core.c | 50 ++++++++++++++++++------------------------- library/bignum_core.h | 19 +++++++++------- 2 files changed, 32 insertions(+), 37 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 26aff15f16..92a9d558a3 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -353,52 +353,44 @@ void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs, } } -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) +void mbedtls_mpi_core_shift_l(mbedtls_mpi_uint *X, size_t limbs, + size_t count) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, v0, t1; + size_t i, v0, v1; mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); - v0 = count / (biL ); - t1 = count & (biL - 1); + v0 = count / (biL); + v1 = count & (biL - 1); - i = mbedtls_mpi_bitlen( X ) + count; - - if( X->n * biL < i ) - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); - - ret = 0; + if (v0 > limbs || (v0 == limbs && v1 > 0)) { + memset(X, 0, limbs * ciL); + return; + } /* * shift by count / limb_size */ - if( v0 > 0 ) - { - for( i = X->n; i > v0; i-- ) - X->p[i - 1] = X->p[i - v0 - 1]; + if (v0 > 0) { + for (i = limbs; i > v0; i--) { + X[i - 1] = X[i - v0 - 1]; + } - for( ; i > 0; i-- ) - X->p[i - 1] = 0; + for (; i > 0; i--) { + X[i - 1] = 0; + } } /* * shift by count % limb_size */ - if( t1 > 0 ) - { - for( i = v0; i < X->n; i++ ) - { - r1 = X->p[i] >> (biL - t1); - X->p[i] <<= t1; - X->p[i] |= r0; + if (v1 > 0) { + for (i = v0; i < limbs; i++) { + r1 = X[i] >> (biL - v1); + X[i] <<= v1; + X[i] |= r0; r0 = r1; } } - -cleanup: - - return( ret ); } mbedtls_mpi_uint mbedtls_mpi_core_add(mbedtls_mpi_uint *X, diff --git a/library/bignum_core.h b/library/bignum_core.h index 25e7e1a6be..2b11ccaff3 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -278,7 +278,7 @@ int mbedtls_mpi_core_write_be(const mbedtls_mpi_uint *A, unsigned char *output, size_t output_length); -/** \brief Shift an MPI right in place by a number of bits. +/** \brief Shift an MPI in-place right by a number of bits. * * Shifting by more bits than there are bit positions * in \p X is valid and results in setting \p X to 0. @@ -294,16 +294,19 @@ void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs, size_t count); /** - * \brief Perform a left-shift on an MPI: X <<= count + * \brief Shift an MPI in-place left by a number of bits. * - * \param X The MPI to shift. This must point to an initialized MPI. - * \param count The number of bits to shift by. + * Shifting by more bits than there are bit positions + * in \p X is valid and results in setting \p X to 0. * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. + * This function's execution time depends on the value + * of \p count (and of course \p limbs). + * \param[in,out] X The number to shift. + * \param limbs The number of limbs of \p X. This must be at least 1. + * \param count The number of bits to shift by. */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); +void mbedtls_mpi_core_shift_l(mbedtls_mpi_uint *X, size_t limbs, + size_t count); /** * \brief Add two fixed-size large unsigned integers, returning the carry. From cfb5a5fade70891269d0458c929eef3fc6be3250 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 25 Apr 2023 12:11:44 +0100 Subject: [PATCH 087/483] bignum_core_test_suite: Added `mpi_core_shift_l()` Signed-off-by: Minos Galanakis --- tests/suites/test_suite_bignum_core.function | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index e084b83252..6eba5fa786 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function @@ -532,6 +532,26 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mpi_core_shift_l(char *input, int count, char *result) +{ + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *Y = NULL; + size_t limbs, n; + + TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &limbs, input)); + TEST_EQUAL(0, mbedtls_test_read_mpi_core(&Y, &n, result)); + TEST_EQUAL(limbs, n); + + mbedtls_mpi_core_shift_l(X, limbs, count); + ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL); + +exit: + mbedtls_free(X); + mbedtls_free(Y); +} +/* END_CASE */ + /* BEGIN_CASE */ void mpi_core_add_and_add_if(char *input_A, char *input_B, char *input_S, int carry) From f5b8f78ad72ba265b3ace0aaac06ca1b8c3fae1a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 26 Apr 2023 08:55:26 +0200 Subject: [PATCH 088/483] authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index e41cbbe457..08874284bc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -660,27 +660,29 @@ static int x509_get_authority_key_id(unsigned char **p, if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)) != 0) { - /* authorityCertIssuer is an OPTIONAL field */ + /* authorityCertIssuer and authorityCertSerialNumber MUST both + be present or both be absent. At this point we expect to have both. */ + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { /* "end" also includes the CertSerialNumber field so "len" shall be used */ ret = mbedtls_x509_get_subject_alt_name_ext(p, (*p+len), &authority_key_id->authorityCertIssuer); - } - } + if (ret != 0) { + return ret; + } - if (*p < end) { - /* Getting authorityCertSerialNumber using the required specific class tag [2] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | - 2)) != 0) { - /* authorityCertSerialNumber is an OPTIONAL field */ - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else { - authority_key_id->authorityCertSerialNumber.len = len; - authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; - *p += len; + /* Getting authorityCertSerialNumber using the required specific class tag [2] */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | + 2)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } else { + authority_key_id->authorityCertSerialNumber.len = len; + authority_key_id->authorityCertSerialNumber.p = *p; + authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; + *p += len; + } } } @@ -1677,14 +1679,16 @@ cleanup: #define CERT_TYPE(type, name) \ do { \ - if (ns_cert_type & (type)) \ - PRINT_ITEM(name); \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ } while (0) #define KEY_USAGE(code, name) \ do { \ - if (key_usage & (code)) \ - PRINT_ITEM(name); \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, From 84ee3e29210ecd963ef841254642c7da8e44e591 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 14:22:34 +0100 Subject: [PATCH 089/483] Adapt config files for FFDH Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 25 +++++++++++++++++++++++++ include/psa/crypto_config.h | 2 ++ 2 files changed, 27 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 20d4358f9b..00b756fb83 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -148,6 +148,14 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ #endif /* PSA_WANT_ALG_ECDSA */ +#if defined(PSA_WANT_ALG_FFDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 +#define MBEDTLS_DHM_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */ +#endif /* PSA_WANT_ALG_FFDH */ + #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 @@ -287,6 +295,14 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ +#if defined(PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR 1 +#define MBEDTLS_DHM_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_FFDG_KEY_PAIR */ + #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 @@ -651,6 +667,15 @@ extern "C" { #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_DHM_C) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 +#define PSA_WANT_ALG_FFDH 1 +#endif /* MBEDTLS_DHM_C */ + #if defined(MBEDTLS_GCM_C) #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 #define PSA_WANT_ALG_GCM 1 diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e68fac8b44..1c4fb6d567 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -126,6 +126,8 @@ #define PSA_WANT_KEY_TYPE_DES 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 From 472b3f33b9f602b70d49279f788003977bbafdda Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 14:38:49 +0100 Subject: [PATCH 090/483] Add import/export of FFDH keys Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 163 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 160 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 20918bca93..42ebfcf5ca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,6 +82,7 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "hash_info.h" +#include "mbedtls/dhm.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) @@ -628,6 +629,25 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) + if (PSA_KEY_TYPE_IS_DH(type)) { + if (data_length != 256 && data_length != 384 && + data_length != 512 && data_length != 768 && + data_length != 1024) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Copy the key material. */ + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + (void) key_buffer_size; + + return PSA_SUCCESS; + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1330,7 +1350,8 @@ psa_status_t psa_export_key_internal( if (key_type_is_raw_bytes(type) || PSA_KEY_TYPE_IS_RSA(type) || - PSA_KEY_TYPE_IS_ECC(type)) { + PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type)) { return psa_export_key_buffer_internal( key_buffer, key_buffer_size, data, data_size, data_length); @@ -1386,6 +1407,128 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, return (status == PSA_SUCCESS) ? unlock_status : status; } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) +static psa_status_t psa_ffdh_set_prime_generator(size_t key_size, + mbedtls_mpi *P, + mbedtls_mpi *G) +{ + const unsigned char *dhm_P = NULL; + const unsigned char *dhm_G = NULL; + size_t dhm_size_P = 0; + size_t dhm_size_G = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (P == NULL && G == NULL) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + static const unsigned char dhm_P_2048[] = + MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN; + static const unsigned char dhm_P_3072[] = + MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN; + static const unsigned char dhm_P_4096[] = + MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN; + static const unsigned char dhm_P_6144[] = + MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN; + static const unsigned char dhm_P_8192[] = + MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN; + static const unsigned char dhm_G_2048[] = + MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN; + static const unsigned char dhm_G_3072[] = + MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN; + static const unsigned char dhm_G_4096[] = + MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN; + static const unsigned char dhm_G_6144[] = + MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN; + static const unsigned char dhm_G_8192[] = + MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; + + if (key_size <= 256) { + dhm_P = dhm_P_2048; + dhm_G = dhm_G_2048; + dhm_size_P = sizeof(dhm_P_2048); + dhm_size_G = sizeof(dhm_G_2048); + } else if (key_size <= 384) { + dhm_P = dhm_P_3072; + dhm_G = dhm_G_3072; + dhm_size_P = sizeof(dhm_P_3072); + dhm_size_G = sizeof(dhm_G_3072); + } else if (key_size <= 512) { + dhm_P = dhm_P_4096; + dhm_G = dhm_G_4096; + dhm_size_P = sizeof(dhm_P_4096); + dhm_size_G = sizeof(dhm_G_4096); + } else if (key_size <= 768) { + dhm_P = dhm_P_6144; + dhm_G = dhm_G_6144; + dhm_size_P = sizeof(dhm_P_6144); + dhm_size_G = sizeof(dhm_G_6144); + } else if (key_size <= 1024) { + dhm_P = dhm_P_8192; + dhm_G = dhm_G_8192; + dhm_size_P = sizeof(dhm_P_8192); + dhm_size_G = sizeof(dhm_G_8192); + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (P != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(P, dhm_P, + dhm_size_P)); + } + if (G != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(G, dhm_G, + dhm_size_G)); + } + +cleanup: + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return PSA_SUCCESS; +} + +static psa_status_t psa_export_ffdh_public_key_internal( + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi GX, G, X, P; + + mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); + + status = psa_ffdh_set_prime_generator(key_buffer_size, &P, &G); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); + + *data_length = mbedtls_mpi_size(&GX); + } +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GX); + + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return status; +} + +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */ + psa_status_t psa_export_public_key_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -1396,7 +1539,8 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type)) { + if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type)) { if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { /* Exporting public -> public */ return psa_export_key_buffer_internal( @@ -1418,7 +1562,7 @@ psa_status_t psa_export_public_key_internal( return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - } else { + } else if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_export_public_key(attributes, @@ -1433,6 +1577,19 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) + else { + return psa_export_ffdh_public_key_internal(key_buffer, + key_buffer_size, + data, data_size, + data_length); + } +#else + /* We don't know how to convert a private FFDH key to public */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ } else { /* This shouldn't happen in the reference implementation, but it is valid for a special-purpose implementation to omit From fb3dd54b24034c59936329d78b106926690fb721 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 14:59:15 +0100 Subject: [PATCH 091/483] Add key agreement for FFDH keys Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 74 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 42ebfcf5ca..76632694d7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1490,6 +1490,59 @@ cleanup: return PSA_SUCCESS; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) +static psa_status_t psa_key_agreement_ffdh(const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *our_key, + size_t our_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi P, G, X, GY, K; + const size_t calculated_shared_secret_size = peer_key_length; + + if (peer_key_length != our_key_length || + calculated_shared_secret_size > shared_secret_size) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); + mbedtls_mpi_init(&K); + + status = psa_ffdh_set_prime_generator(peer_key_length, &P, &G); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, our_key, + our_key_length)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + } +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); + mbedtls_mpi_free(&K); + + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return PSA_SUCCESS; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + static psa_status_t psa_export_ffdh_public_key_internal( const uint8_t *key_buffer, size_t key_buffer_size, @@ -6118,6 +6171,11 @@ static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg) if (alg == PSA_ALG_ECDH) { return PSA_SUCCESS; } +#endif +#if defined(PSA_WANT_ALG_FFDH) + if (alg == PSA_ALG_FFDH) { + return PSA_SUCCESS; + } #endif (void) alg; return PSA_ERROR_NOT_SUPPORTED; @@ -6707,6 +6765,22 @@ psa_status_t psa_key_agreement_raw_builtin(const psa_key_attributes_t *attribute shared_secret_size, shared_secret_length); #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) + case PSA_ALG_FFDH: + if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + return psa_key_agreement_ffdh(peer_key, + peer_key_length, + key_buffer, + key_buffer_size, + shared_secret, + shared_secret_size, + shared_secret_length); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + default: (void) attributes; (void) key_buffer; From fedd134300b4d81d55b150a8f5ccb4c0141f2420 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:00:02 +0100 Subject: [PATCH 092/483] Add key generation for FFDH keys Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 48 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 76632694d7..9de7cd7db4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1579,6 +1579,36 @@ cleanup: return status; } +static psa_status_t mbedtls_psa_ffdh_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + mbedtls_mpi X, P; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi_init(&P); mbedtls_mpi_init(&X); + + status = psa_ffdh_set_prime_generator(PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2)); + + *key_buffer_length = mbedtls_mpi_size(&X); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, + key_buffer_size)); + } + +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&X); + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return status; +} #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */ @@ -7162,6 +7192,15 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( return PSA_SUCCESS; } else #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) + if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + if (bits != 2048 && bits != 3072 && bits != 4096 && + bits != 6144 && bits != 8192) { + return PSA_ERROR_NOT_SUPPORTED; + } + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */ { return PSA_ERROR_NOT_SUPPORTED; } @@ -7213,6 +7252,15 @@ psa_status_t psa_generate_key_internal( key_buffer_length); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) + if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + return mbedtls_psa_ffdh_generate_key(attributes, + key_buffer, + key_buffer_size, + key_buffer_length); + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */ { (void) key_buffer_length; return PSA_ERROR_NOT_SUPPORTED; From ed23b61020424c6d8bb331c26fdad960f82cbbeb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:00:41 +0100 Subject: [PATCH 093/483] Adapt size macros for FFDH Signed-off-by: Przemek Stekiel --- include/psa/crypto_sizes.h | 44 +++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 37f72054f7..3dc0f2e6ac 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -195,6 +195,12 @@ * operations, and does not need to accept all key sizes up to the limit. */ #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096 +/* The maximum size of an FFDH key on this implementation, in bits. + * + * Note that an implementation may set different size limits for different + * operations, and does not need to accept all key sizes up to the limit. */ +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192 + /* The maximum size of an ECC key on this implementation, in bits. * This is a vendor-specific macro. */ #if defined(PSA_WANT_ECC_SECP_R1_521) @@ -804,6 +810,18 @@ #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) +/* Maximum size of the export encoding of an FFDH key pair. + * + * An FFDH key pair is represented by the secret value. + */ +#define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \ + (PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an FFDH public key. + */ +#define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (PSA_BITS_TO_BYTES(key_bits)) + /** Sufficient output buffer size for psa_export_key() or * psa_export_public_key(). * @@ -845,6 +863,7 @@ */ #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ @@ -901,6 +920,7 @@ #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ 0) /** Sufficient buffer size for exporting any asymmetric key pair. @@ -914,8 +934,14 @@ #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) /** Sufficient buffer size for exporting any asymmetric public key. * @@ -929,8 +955,14 @@ #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ + PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)) + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) /** Sufficient output buffer size for psa_raw_key_agreement(). * @@ -955,11 +987,13 @@ * If the parameters are not valid, * the return value is unspecified. */ -/* FFDH is not yet supported in PSA. */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \ PSA_BITS_TO_BYTES(key_bits) : \ - 0) + PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type) ? \ + PSA_BITS_TO_BYTES(key_bits) : \ + 0 \ + ) /** Maximum size of the output from psa_raw_key_agreement(). * @@ -969,7 +1003,7 @@ * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)) + (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)) /** The default IV size for a cipher algorithm, in bytes. * From 1d9c2b63d913f67dc4bbeb1b14d86b3a47c0bd18 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:01:39 +0100 Subject: [PATCH 094/483] Adapt import/export test for FFDH Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.function | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index cd8a7b5fff..34bb5e206e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1503,6 +1503,7 @@ void import_export(data_t *data, size_t reexported_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t expected_import_result = PSA_SUCCESS; export_size = (ptrdiff_t) data->len + export_size_delta; ASSERT_ALLOC(exported, export_size); @@ -1516,8 +1517,24 @@ void import_export(data_t *data, psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, type); + if (PSA_KEY_TYPE_IS_DH(type) && + expected_export_status == PSA_ERROR_BUFFER_TOO_SMALL) { + export_size -= 8; + } + + if (PSA_KEY_TYPE_IS_DH(type) && + (data->len != 256 && data->len != 384 && + data->len != 512 && data->len != 768 && data->len != 1024)) { + expected_import_result = PSA_ERROR_INVALID_ARGUMENT; + } + /* Import the key */ - PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key)); + TEST_EQUAL(psa_import_key(&attributes, data->x, data->len, &key), + expected_import_result); + + if (expected_import_result != PSA_SUCCESS) { + goto exit; + } /* Test the key information */ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); From 44babc04dc91b3aa8a46ef177d1c93e01e089af8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:05:00 +0100 Subject: [PATCH 095/483] Add import/export FFDH key tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 164 ++++++++++++++++++++++++ 1 file changed, 164 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 07aad73793..17b9e4bddb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -506,6 +506,170 @@ PSA import/export RSA keypair: import PEM depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 +PSA import/export FFDH RFC7919 2048 key pair: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 2048 public key: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 3072 key pair: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 3072 public key: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 4096 key pair: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 4096 public key: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 6144 key pair: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 6144 public key: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 8192 key pair: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 8192 public key: good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 2048 key pair: export not permiterd +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 + +PSA import/export FFDH RFC7919 2040 key pair: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 2040 public key: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 3064 key pair: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 3064 public key: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 + +PSA import/export FFDH RFC7919 4088 key pair: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:0:1 + +PSA import/export FFDH RFC7919 4088 public key: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:0:1 + +PSA import/export FFDH RFC7919 6136 key pair: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:0:1 + +PSA import/export FFDH RFC7919 6136 public key: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:0:1 + +PSA import/export FFDH RFC7919 8184 key pair: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:0:1 + +PSA import/export FFDH RFC7919 8184 public key: import invalid kay length +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:0:1 + +PSA import/export FFDH RFC7919 2048 key pair: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 2048 public key: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 3072 key pair: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 3072 public key: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 4096 key pair: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 4096 public key: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 6144 key pair: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 6144 public key: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 8192 key pair: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export FFDH RFC7919 8192 public key: export buffer to small +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 + +PSA import/export-public FFDH RFC7919 public key 2048 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0" + +PSA import/export-public FFDH RFC7919 key pair 2048 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729" + +PSA import/export-public FFDH RFC7919 public key 3072 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512" + +PSA import/export-public FFDH RFC7919 key pair 3072 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90" + +PSA import/export-public FFDH RFC7919 public key 4096 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B" + +PSA import/export-public FFDH RFC7919 key pair 4096 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355" + +PSA import/export-public FFDH RFC7919 public key 6144 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" + +PSA import/export-public FFDH RFC7919 key pair 6144 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" + +PSA import/export-public FFDH RFC7919 public key 8192 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" + +PSA import/export-public FFDH RFC7919 key pair 8192 good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" + PSA import: reject raw data key of length 0 # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED import_with_data:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT From 564eb5864bd6283e94561c80fa6caaf561450940 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:05:56 +0100 Subject: [PATCH 096/483] Add FFDH key generation tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 17b9e4bddb..f1091787b8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6823,6 +6823,30 @@ generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: RSA, e=2 generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT +PSA generate key: FFDH, 2048 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 + +PSA generate key: FFDH, 3072 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 + +PSA generate key: FFDH, 4096 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 + +PSA generate key: FFDH, 6144 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 + +PSA generate key: FFDH, 8192 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 + +PSA generate key: FFDH, 1024 bits, invalid bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 + PSA import persistent key: raw data, 8 bits depends_on:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY From b231c9dd232805f3ac8138131bea83c445ffdb4d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:06:15 +0100 Subject: [PATCH 097/483] Add FFDH key agreement tests Tests were generated using the python script. Please find code below: """ generate_ffdh_key_agreement_tests.py Script to generate test vectors for FFDH key agreement. Example usage: generate_ffdh_key_agreement_tests.py """ import os import sys import random DHM_RFC7919_FFDHE2048_P_BIN = bytes([ \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]) DHM_RFC7919_FFDHE2048_G_BIN = bytes([ 0x02 ]) DHM_RFC7919_FFDHE3072_P_BIN = bytes([ \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]) DHM_RFC7919_FFDHE3072_G_BIN = bytes([ 0x02 ]) DHM_RFC7919_FFDHE4096_P_BIN = bytes([ \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]) DHM_RFC7919_FFDHE4096_G_BIN = bytes([ 0x02 ]) DHM_RFC7919_FFDHE6144_P_BIN = bytes([ \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]) DHM_RFC7919_FFDHE6144_G_BIN = bytes([ 0x02 ]) DHM_RFC7919_FFDHE8192_P_BIN = bytes([ \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \ 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \ 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \ 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \ 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \ 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \ 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \ 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \ 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \ 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \ 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \ 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \ 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \ 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \ 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \ 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \ 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \ 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \ 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \ 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \ 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \ 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \ 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \ 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \ 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \ 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \ 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \ 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \ 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \ 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \ 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \ 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \ 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \ 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \ 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \ 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \ 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \ 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \ 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \ 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \ 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \ 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \ 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \ 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \ 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \ 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \ 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \ 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \ 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \ 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \ 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \ 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \ 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \ 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \ 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \ 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \ 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \ 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \ 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \ 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \ 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \ 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \ 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \ 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \ 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \ 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \ 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \ 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \ 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \ 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \ 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \ 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \ 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \ 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \ 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \ 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \ 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \ 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \ 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \ 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \ 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \ 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \ 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \ 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \ 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ]) DHM_RFC7919_FFDHE8192_G_BIN = bytes([ 0x02 ]) def generate_ffdh_key_agreement_test_vectors(P, G): K_B = int.to_bytes(0, 4, "big") P_size = (P.bit_length() + 7) // 8 while(K_B[0] == 0): X = random.randint(2, P-2) Y = random.randint(2, P-2) GX = pow(G, X, P) GY = pow(G, Y, P) K = pow(GY, X, P) K_B = int.to_bytes(K, P_size, "big") print("----- FFDH KA Test Vector: Key Size {} (K without leading zeros) -----".format(P_size)) print("P: " + hex(P)) print("G: " + hex(G)) print("X: " + hex(X)) print("GX: " + hex(GX)) print("GY: " + hex(GY)) print("K: " + hex(K)) print("----------------------------------------------------------------------") K_B = int.to_bytes(0xFFFFFFFF, 4, "big") while(K_B[0] != 0): X = random.randint(2, P-2) Y = random.randint(2, P-2) GX = pow(G, X, P) GY = pow(G, Y, P) K = pow(GY, X, P) K_B = int.to_bytes(K, P_size, "big") print("----- FFDH KA Test Vector: Key Size {} (K with leading zeros) -----".format(P_size)) print("P: " + hex(P)) print("G: " + hex(G)) print("X: " + hex(X)) print("GX: " + hex(GX)) print("GY: " + hex(GY)) print("K: " + hex(K)) print("-------------------------------------------------------------------") def main(): P = int.from_bytes( DHM_RFC7919_FFDHE2048_P_BIN, "big" ) G = int.from_bytes( DHM_RFC7919_FFDHE2048_G_BIN, "big" ) generate_ffdh_key_agreement_test_vectors(P, G) P = int.from_bytes( DHM_RFC7919_FFDHE3072_P_BIN, "big" ) G = int.from_bytes( DHM_RFC7919_FFDHE3072_G_BIN, "big" ) generate_ffdh_key_agreement_test_vectors(P, G) P = int.from_bytes( DHM_RFC7919_FFDHE4096_P_BIN, "big" ) G = int.from_bytes( DHM_RFC7919_FFDHE4096_G_BIN, "big" ) generate_ffdh_key_agreement_test_vectors(P, G) P = int.from_bytes( DHM_RFC7919_FFDHE6144_P_BIN, "big" ) G = int.from_bytes( DHM_RFC7919_FFDHE6144_G_BIN, "big" ) generate_ffdh_key_agreement_test_vectors(P, G) P = int.from_bytes( DHM_RFC7919_FFDHE8192_P_BIN, "big" ) G = int.from_bytes( DHM_RFC7919_FFDHE8192_G_BIN, "big" ) generate_ffdh_key_agreement_test_vectors(P, G) if __name__ == "__main__": main() Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 80 +++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f1091787b8..e8e1e009c2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6638,6 +6638,38 @@ PSA raw key agreement: X448 (RFC 7748: Bob) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" +PSA raw key agreement: FFDH 2048 bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" + +PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros) +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" + +PSA raw key agreement: FFDH 3072 bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" + +PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros) +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" + +PSA raw key agreement: FFDH 4096 bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" + +PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros) +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" + +PSA raw key agreement: FFDH 6144 bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" + +PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros) +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" + PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 @@ -6666,6 +6698,54 @@ PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" +PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":"" + +PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da" + +PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada" + +PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":"" + +PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6" + +PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6" + +PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":"" + +PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87" + +PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87" + +PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":"" + +PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c" + +PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c" + PSA generate random: 0 bytes generate_random:0 From 9e65a81ef8f73e4cf0b5724a0585d16cf919427b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:08:32 +0100 Subject: [PATCH 098/483] Remove redundant test case (PSA_ALG_FFDH key agreement is now supported) Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e8e1e009c2..171c5d9011 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1203,10 +1203,6 @@ PSA key policy: agreement + KDF, not permitted depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED -PSA key policy: agreement + KDF, wrong agreement algorithm -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED - PSA key policy: agreement + KDF, wrong KDF algorithm depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED From 7cf26dfca3baeb552c5f3cdfc5df8eaf9540f9a4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:09:40 +0100 Subject: [PATCH 099/483] Add sanity check for FFDH key excercise Signed-off-by: Przemek Stekiel --- tests/src/psa_exercise_key.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 2656deb437..dc7c971ff7 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -789,6 +789,9 @@ int mbedtls_test_psa_exported_key_sanity_check( TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length); TEST_EQUAL(exported[0], 4); } + } else + if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { + TEST_LE_U(exported_length, PSA_BITS_TO_BYTES(bits)); } else { (void) exported; TEST_ASSERT(!"Sanity check not implemented for this key type"); From 359f4625a3609168d80e73330d248c9a1e417a82 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 14:11:55 +0100 Subject: [PATCH 100/483] Move FFDH layer to separate file Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 231 +++--------------------------------- library/psa_crypto_ffdh.c | 241 ++++++++++++++++++++++++++++++++++++++ library/psa_crypto_ffdh.h | 115 ++++++++++++++++++ 3 files changed, 370 insertions(+), 217 deletions(-) create mode 100644 library/psa_crypto_ffdh.c create mode 100644 library/psa_crypto_ffdh.h diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9de7cd7db4..5d8540c37c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -35,6 +35,7 @@ #include "psa_crypto_invasive.h" #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_ecp.h" +#include "psa_crypto_ffdh.h" #include "psa_crypto_hash.h" #include "psa_crypto_mac.h" #include "psa_crypto_rsa.h" @@ -82,7 +83,6 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" #include "hash_info.h" -#include "mbedtls/dhm.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) @@ -1407,211 +1407,6 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, return (status == PSA_SUCCESS) ? unlock_status : status; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) -static psa_status_t psa_ffdh_set_prime_generator(size_t key_size, - mbedtls_mpi *P, - mbedtls_mpi *G) -{ - const unsigned char *dhm_P = NULL; - const unsigned char *dhm_G = NULL; - size_t dhm_size_P = 0; - size_t dhm_size_G = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (P == NULL && G == NULL) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - static const unsigned char dhm_P_2048[] = - MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN; - static const unsigned char dhm_P_4096[] = - MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN; - static const unsigned char dhm_P_6144[] = - MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN; - static const unsigned char dhm_P_8192[] = - MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN; - static const unsigned char dhm_G_2048[] = - MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN; - static const unsigned char dhm_G_3072[] = - MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN; - static const unsigned char dhm_G_4096[] = - MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN; - static const unsigned char dhm_G_6144[] = - MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN; - static const unsigned char dhm_G_8192[] = - MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; - - if (key_size <= 256) { - dhm_P = dhm_P_2048; - dhm_G = dhm_G_2048; - dhm_size_P = sizeof(dhm_P_2048); - dhm_size_G = sizeof(dhm_G_2048); - } else if (key_size <= 384) { - dhm_P = dhm_P_3072; - dhm_G = dhm_G_3072; - dhm_size_P = sizeof(dhm_P_3072); - dhm_size_G = sizeof(dhm_G_3072); - } else if (key_size <= 512) { - dhm_P = dhm_P_4096; - dhm_G = dhm_G_4096; - dhm_size_P = sizeof(dhm_P_4096); - dhm_size_G = sizeof(dhm_G_4096); - } else if (key_size <= 768) { - dhm_P = dhm_P_6144; - dhm_G = dhm_G_6144; - dhm_size_P = sizeof(dhm_P_6144); - dhm_size_G = sizeof(dhm_G_6144); - } else if (key_size <= 1024) { - dhm_P = dhm_P_8192; - dhm_G = dhm_G_8192; - dhm_size_P = sizeof(dhm_P_8192); - dhm_size_G = sizeof(dhm_G_8192); - } else { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (P != NULL) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(P, dhm_P, - dhm_size_P)); - } - if (G != NULL) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(G, dhm_G, - dhm_size_G)); - } - -cleanup: - if (ret != 0) { - return mbedtls_to_psa_error(ret); - } - - return PSA_SUCCESS; -} - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) -static psa_status_t psa_key_agreement_ffdh(const uint8_t *peer_key, - size_t peer_key_length, - const uint8_t *our_key, - size_t our_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi P, G, X, GY, K; - const size_t calculated_shared_secret_size = peer_key_length; - - if (peer_key_length != our_key_length || - calculated_shared_secret_size > shared_secret_size) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); - mbedtls_mpi_init(&K); - - status = psa_ffdh_set_prime_generator(peer_key_length, &P, &G); - - if (status == PSA_SUCCESS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, our_key, - our_key_length)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, - peer_key_length)); - - /* Calculate shared secret public key: K = G^(XY) mod P */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); - - *shared_secret_length = calculated_shared_secret_size; - } -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); - mbedtls_mpi_free(&K); - - if (status == PSA_SUCCESS && ret != 0) { - return mbedtls_to_psa_error(ret); - } - - return PSA_SUCCESS; -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ - -static psa_status_t psa_export_ffdh_public_key_internal( - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *data, - size_t data_size, - size_t *data_length) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi GX, G, X, P; - - mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); - mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); - - status = psa_ffdh_set_prime_generator(key_buffer_size, &P, &G); - - if (status == PSA_SUCCESS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); - - *data_length = mbedtls_mpi_size(&GX); - } -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&GX); - - if (status == PSA_SUCCESS && ret != 0) { - return mbedtls_to_psa_error(ret); - } - - return status; -} - -static psa_status_t mbedtls_psa_ffdh_generate_key( - const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) -{ - mbedtls_mpi X, P; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_init(&P); mbedtls_mpi_init(&X); - - status = psa_ffdh_set_prime_generator(PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL); - - if (status == PSA_SUCCESS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2)); - - *key_buffer_length = mbedtls_mpi_size(&X); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, - key_buffer_size)); - } - -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&X); - if (status == PSA_SUCCESS && ret != 0) { - return mbedtls_to_psa_error(ret); - } - - return status; -} -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */ - psa_status_t psa_export_public_key_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -1663,10 +1458,11 @@ psa_status_t psa_export_public_key_internal( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) else { - return psa_export_ffdh_public_key_internal(key_buffer, - key_buffer_size, - data, data_size, - data_length); + return mbedtls_psa_export_ffdh_public_key(attributes, + key_buffer, + key_buffer_size, + data, data_size, + data_length); } #else /* We don't know how to convert a private FFDH key to public */ @@ -6802,13 +6598,14 @@ psa_status_t psa_key_agreement_raw_builtin(const psa_key_attributes_t *attribute return PSA_ERROR_INVALID_ARGUMENT; } - return psa_key_agreement_ffdh(peer_key, - peer_key_length, - key_buffer, - key_buffer_size, - shared_secret, - shared_secret_size, - shared_secret_length); + return mbedtls_psa_key_agreement_ffdh(attributes, + peer_key, + peer_key_length, + key_buffer, + key_buffer_size, + shared_secret, + shared_secret_size, + shared_secret_length); #endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ default: diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c new file mode 100644 index 0000000000..d8c153a215 --- /dev/null +++ b/library/psa_crypto_ffdh.c @@ -0,0 +1,241 @@ +/* + * PSA FFDH layer on top of Mbed TLS crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include +#include "psa_crypto_core.h" +#include "psa_crypto_ffdh.h" +#include "psa_crypto_random_impl.h" + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) +static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, + mbedtls_mpi *P, + mbedtls_mpi *G) +{ + const unsigned char *dhm_P = NULL; + const unsigned char *dhm_G = NULL; + size_t dhm_size_P = 0; + size_t dhm_size_G = 0; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (P == NULL && G == NULL) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + static const unsigned char dhm_P_2048[] = + MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN; + static const unsigned char dhm_P_3072[] = + MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN; + static const unsigned char dhm_P_4096[] = + MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN; + static const unsigned char dhm_P_6144[] = + MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN; + static const unsigned char dhm_P_8192[] = + MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN; + static const unsigned char dhm_G_2048[] = + MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN; + static const unsigned char dhm_G_3072[] = + MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN; + static const unsigned char dhm_G_4096[] = + MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN; + static const unsigned char dhm_G_6144[] = + MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN; + static const unsigned char dhm_G_8192[] = + MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; + + if (key_size <= 256) { + dhm_P = dhm_P_2048; + dhm_G = dhm_G_2048; + dhm_size_P = sizeof(dhm_P_2048); + dhm_size_G = sizeof(dhm_G_2048); + } else if (key_size <= 384) { + dhm_P = dhm_P_3072; + dhm_G = dhm_G_3072; + dhm_size_P = sizeof(dhm_P_3072); + dhm_size_G = sizeof(dhm_G_3072); + } else if (key_size <= 512) { + dhm_P = dhm_P_4096; + dhm_G = dhm_G_4096; + dhm_size_P = sizeof(dhm_P_4096); + dhm_size_G = sizeof(dhm_G_4096); + } else if (key_size <= 768) { + dhm_P = dhm_P_6144; + dhm_G = dhm_G_6144; + dhm_size_P = sizeof(dhm_P_6144); + dhm_size_G = sizeof(dhm_G_6144); + } else if (key_size <= 1024) { + dhm_P = dhm_P_8192; + dhm_G = dhm_G_8192; + dhm_size_P = sizeof(dhm_P_8192); + dhm_size_G = sizeof(dhm_G_8192); + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (P != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(P, dhm_P, + dhm_size_P)); + } + if (G != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(G, dhm_G, + dhm_size_G)); + } + +cleanup: + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return PSA_SUCCESS; +} + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) +psa_status_t mbedtls_psa_key_agreement_ffdh( + const psa_key_attributes_t *attributes, + const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi P, G, X, GY, K; + const size_t calculated_shared_secret_size = peer_key_length; + + if (peer_key_length != key_buffer_size || + calculated_shared_secret_size > shared_secret_size) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); + mbedtls_mpi_init(&K); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + } +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); + mbedtls_mpi_free(&K); + + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return PSA_SUCCESS; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + +psa_status_t mbedtls_psa_export_ffdh_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi GX, G, X, P; + + mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); + + *data_length = mbedtls_mpi_size(&GX); + } +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GX); + + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return status; +} + +psa_status_t mbedtls_psa_ffdh_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + mbedtls_mpi X, P; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi_init(&P); mbedtls_mpi_init(&X); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL); + + if (status == PSA_SUCCESS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2)); + + *key_buffer_length = mbedtls_mpi_size(&X); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, + key_buffer_size)); + } + +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&X); + if (status == PSA_SUCCESS && ret != 0) { + return mbedtls_to_psa_error(ret); + } + + return status; +} +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */ + +#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h new file mode 100644 index 0000000000..950646ae6a --- /dev/null +++ b/library/psa_crypto_ffdh.h @@ -0,0 +1,115 @@ +/* + * PSA FFDH layer on top of Mbed TLS crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_FFDH_H +#define PSA_CRYPTO_FFDH_H + +#include +#include + +/** Perform a key agreement and return the FFDH shared secret. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] peer_key The buffer containing the key context + * of the peer's public key. + * \param[in] peer_key_length Size of the \p peer_key buffer in + * bytes. + * \param[in] key_buffer The buffer containing the private key + * context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in + * bytes. + * \param[out] shared_secret The buffer to which the shared secret + * is to be written. + * \param[in] shared_secret_size Size of the \p shared_secret buffer in + * bytes. + * \param[out] shared_secret_length On success, the number of bytes that make + * up the returned shared secret. + * \retval #PSA_SUCCESS + * Success. Shared secret successfully calculated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key_buffer_size, \p peer_key_length, \p shared_secret_size + * do not match + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_key_agreement_ffdh( + const psa_key_attributes_t *attributes, + const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length); + +/** Export a public key or the public part of a FFDH key pair in binary format. + * + * \param[in] attributes The attributes for the key to export. + * \param[in] key_buffer Material or context of the key to export. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[out] data Buffer where the key data is to be written. + * \param[in] data_size Size of the \p data buffer in bytes. + * \param[out] data_length On success, the number of bytes written in + * \p data + * + * \retval #PSA_SUCCESS The public key was exported successfully. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_export_ffdh_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length); + +/** + * \brief Generate FFDH key. + * + * \note The signature of the function is that of a PSA driver generate_key + * entry point. + * + * \param[in] attributes The attributes for the key to generate. + * \param[out] key_buffer Buffer where the key data is to be written. + * \param[in] key_buffer_size Size of \p key_buffer in bytes. + * \param[out] key_buffer_length On success, the number of bytes written in + * \p key_buffer. + * + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Key size in bits is invalid. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_ffdh_generate_key( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length); + +#endif /* PSA_CRYPTO_FFDH_H */ From 1702d5a1f45c01931b3996634aa56873b7c59fa5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 14:12:51 +0100 Subject: [PATCH 101/483] test driver: add support for FFDH key agreement Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_key_agreement.c | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index b60c412031..843ebf95b3 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -24,6 +24,7 @@ #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" +#include "psa_crypto_ffdh.h" #include "test/drivers/key_agreement.h" #include "test/drivers/test_driver.h" @@ -93,6 +94,37 @@ psa_status_t mbedtls_test_transparent_key_agreement( (void) shared_secret_size; (void) shared_secret_length; return PSA_ERROR_NOT_SUPPORTED; +#endif + } + if (PSA_ALG_IS_FFDH(alg)) { +#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) + return libtestdriver1_mbedtls_psa_key_agreement_ffdh( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + alg, peer_key, peer_key_length, + shared_secret, shared_secret_size, + shared_secret_length); +#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) + return mbedtls_psa_key_agreement_ffdh( + attributes, + peer_key, + peer_key_length, + key_buffer, + key_buffer_size, + shared_secret, + shared_secret_size, + shared_secret_length); +#else + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) peer_key; + (void) peer_key_length; + (void) shared_secret; + (void) shared_secret_size; + (void) shared_secret_length; + return PSA_ERROR_NOT_SUPPORTED; #endif } else { return PSA_ERROR_INVALID_ARGUMENT; From 0dd746d998e2a071ff750815029e41837f190284 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 14:17:17 +0100 Subject: [PATCH 102/483] Add psa_crypto_ffdh to build Signed-off-by: Przemek Stekiel --- library/CMakeLists.txt | 1 + library/Makefile | 1 + 2 files changed, 2 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5359883032..288024bfca 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -69,6 +69,7 @@ set(src_crypto psa_crypto_client.c psa_crypto_driver_wrappers.c psa_crypto_ecp.c + psa_crypto_ffdh.c psa_crypto_hash.c psa_crypto_mac.c psa_crypto_pake.c diff --git a/library/Makefile b/library/Makefile index 160aa6be53..5c4471eddc 100644 --- a/library/Makefile +++ b/library/Makefile @@ -134,6 +134,7 @@ OBJS_CRYPTO= \ psa_crypto_client.o \ psa_crypto_driver_wrappers.o \ psa_crypto_ecp.o \ + psa_crypto_ffdh.o \ psa_crypto_hash.o \ psa_crypto_mac.o \ psa_crypto_pake.o \ From a9ca13136c6591d492ecc5f015478275d817e3b7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 15:02:32 +0100 Subject: [PATCH 103/483] Move check of the key type to mbedtls_psa_key_agreement_ffdh Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 4 ---- library/psa_crypto_ffdh.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5d8540c37c..98dad9d089 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6594,10 +6594,6 @@ psa_status_t psa_key_agreement_raw_builtin(const psa_key_attributes_t *attribute #if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) case PSA_ALG_FFDH: - if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { - return PSA_ERROR_INVALID_ARGUMENT; - } - return mbedtls_psa_key_agreement_ffdh(attributes, peer_key, peer_key_length, diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index d8c153a215..6b07a7db82 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -131,6 +131,10 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( return PSA_ERROR_INVALID_ARGUMENT; } + if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); mbedtls_mpi_init(&K); From c829816fb629377e6778b7c5503eff025694da3a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Dec 2022 15:11:49 +0100 Subject: [PATCH 104/483] psa_export_public_key_internal: add missing check for FFDH key type Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 98dad9d089..c7d1b766c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1457,15 +1457,16 @@ psa_status_t psa_export_public_key_internal( } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) - else { + else if (PSA_KEY_TYPE_IS_DH(type)) { return mbedtls_psa_export_ffdh_public_key(attributes, key_buffer, key_buffer_size, data, data_size, data_length); + } else { + return PSA_ERROR_NOT_SUPPORTED; } #else - /* We don't know how to convert a private FFDH key to public */ return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ From 87d9a4a30c9aa915c900abc31a580173b48fcd62 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 15 Dec 2022 13:22:11 +0100 Subject: [PATCH 105/483] Provide PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY configuration Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 00b756fb83..14d2e2bc41 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -311,6 +311,14 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#if defined(PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#define MBEDTLS_DHM_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY */ + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1 From 654bef0be087a0cd5841fef9b3699d91275c85a5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 15 Dec 2022 13:28:02 +0100 Subject: [PATCH 106/483] Fix typos, comments, style, optimize macros Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 2 +- include/psa/crypto_sizes.h | 26 +++++++-------------- library/Makefile | 2 +- library/psa_crypto_ffdh.c | 5 +++- tests/src/psa_exercise_key.c | 5 +++- tests/suites/test_suite_psa_crypto.data | 20 ++++++++-------- tests/suites/test_suite_psa_crypto.function | 3 ++- 7 files changed, 31 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 14d2e2bc41..93ea1a5743 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -301,7 +301,7 @@ extern "C" { #define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_KEY_PAIR */ -#endif /* PSA_WANT_KEY_TYPE_FFDG_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 3dc0f2e6ac..361a1bf9ae 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -51,6 +51,8 @@ #define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8) #define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8) +#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \ + (c) : (b) : (a) <= (c) ? (c) : (a)) #define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \ (((length) + (block_size) - 1) / (block_size) * (block_size)) @@ -952,17 +954,11 @@ * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ - (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ - PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ - PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ - PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \ + PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) + /** Sufficient output buffer size for psa_raw_key_agreement(). * @@ -988,12 +984,8 @@ * the return value is unspecified. */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ - (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \ - PSA_BITS_TO_BYTES(key_bits) : \ - PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type) ? \ - PSA_BITS_TO_BYTES(key_bits) : \ - 0 \ - ) + ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \ + PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0) /** Maximum size of the output from psa_raw_key_agreement(). * diff --git a/library/Makefile b/library/Makefile index 5c4471eddc..51e7a15a6a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -134,7 +134,7 @@ OBJS_CRYPTO= \ psa_crypto_client.o \ psa_crypto_driver_wrappers.o \ psa_crypto_ecp.o \ - psa_crypto_ffdh.o \ + psa_crypto_ffdh.o \ psa_crypto_hash.o \ psa_crypto_mac.o \ psa_crypto_pake.o \ diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 6b07a7db82..1e76d139f0 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -149,7 +149,7 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, peer_key_length)); - /* Calculate shared secret public key: K = G^(XY) mod P */ + /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, @@ -221,6 +221,9 @@ psa_status_t mbedtls_psa_ffdh_generate_key( PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL); if (status == PSA_SUCCESS) { + /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their + secret exponent from the range [2, P-2]. + Select random value in range [4, P] and decrease it by 2. */ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2)); diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index dc7c971ff7..61fc845b5f 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -791,7 +791,10 @@ int mbedtls_test_psa_exported_key_sanity_check( } } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_LE_U(exported_length, PSA_BITS_TO_BYTES(bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); + TEST_ASSERT(exported_length <= + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); } else { (void) exported; TEST_ASSERT(!"Sanity check not implemented for this key type"); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 171c5d9011..4462e35d8c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -550,43 +550,43 @@ PSA import/export FFDH RFC7919 2048 key pair: export not permiterd depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 -PSA import/export FFDH RFC7919 2040 key pair: import invalid kay length +PSA import/export FFDH RFC7919 2040 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 2040 public key: import invalid kay length +PSA import/export FFDH RFC7919 2040 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 3064 key pair: import invalid kay length +PSA import/export FFDH RFC7919 3064 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 3064 public key: import invalid kay length +PSA import/export FFDH RFC7919 3064 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 4088 key pair: import invalid kay length +PSA import/export FFDH RFC7919 4088 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:0:1 -PSA import/export FFDH RFC7919 4088 public key: import invalid kay length +PSA import/export FFDH RFC7919 4088 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:0:1 -PSA import/export FFDH RFC7919 6136 key pair: import invalid kay length +PSA import/export FFDH RFC7919 6136 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:0:1 -PSA import/export FFDH RFC7919 6136 public key: import invalid kay length +PSA import/export FFDH RFC7919 6136 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:0:1 -PSA import/export FFDH RFC7919 8184 key pair: import invalid kay length +PSA import/export FFDH RFC7919 8184 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:0:1 -PSA import/export FFDH RFC7919 8184 public key: import invalid kay length +PSA import/export FFDH RFC7919 8184 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:0:1 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 34bb5e206e..61ac74e86d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1519,7 +1519,8 @@ void import_export(data_t *data, if (PSA_KEY_TYPE_IS_DH(type) && expected_export_status == PSA_ERROR_BUFFER_TOO_SMALL) { - export_size -= 8; + /* Simulate that buffer is too small, by decreasing its size by 1 byte. */ + export_size -= 1; } if (PSA_KEY_TYPE_IS_DH(type) && From 9643575d92440b8efc91cb60b7f0270e23f5fae8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 26 Apr 2023 11:50:14 +0100 Subject: [PATCH 107/483] Limit OIDs to 128 components The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 +++++ library/oid.c | 2 +- tests/suites/test_suite_oid.data | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index b2f5dd196b..1d73506dc4 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -63,6 +63,11 @@ #define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) +/* + * Maximum number of OID components allowed + */ +#define MBEDTLS_OID_MAX_COMPONENTS 128 + /* * Top level OID tuples */ diff --git a/library/oid.c b/library/oid.c index 139a707c8e..8da4103803 100644 --- a/library/oid.c +++ b/library/oid.c @@ -963,7 +963,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, /* Allocate maximum possible required memory: * There are (num_dots + 1) integer components, but the first 2 share the * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) { + if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } size_t max_possible_bytes = num_dots * sizeof(unsigned int); diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index d4a7dea21d..c5f13175b8 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -158,3 +158,6 @@ oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID from numeric string - non-'.' separator between third and fourth oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - OID greater than max length (129 components) +oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From b6ff8a2c4bf117d67500f04f346d77604214055e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 26 Apr 2023 12:10:36 +0100 Subject: [PATCH 108/483] Add ChangeLog entry for string-to-OID parsing Signed-off-by: David Horstmann --- ChangeLog.d/oid-parse-from-numeric-string.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/oid-parse-from-numeric-string.txt diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt new file mode 100644 index 0000000000..459bedc832 --- /dev/null +++ b/ChangeLog.d/oid-parse-from-numeric-string.txt @@ -0,0 +1,3 @@ +Features + * Add a function mbedtls_oid_from_numeric_string to parse an OID from a + string to a DER-encoded mbedtls_asn1_buf. From 8183c5dcc3624267493c3cc2f88488de587e9359 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 20 Apr 2023 15:50:59 +0200 Subject: [PATCH 109/483] Use core API in `ecp_mod_koblitz()` Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 92 +++++++++++++++++++++++++------------------- 1 file changed, 52 insertions(+), 40 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 16401079c6..029b515d82 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -25,6 +25,8 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/platform.h" + #include "bn_mul.h" #include "bignum_core.h" #include "ecp_invasive.h" @@ -5526,60 +5528,69 @@ cleanup: */ #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R -static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, - size_t adjust, size_t shift, mbedtls_mpi_uint mask) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi M, R; - mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; - if (N->n < p_limbs) { - return 0; +static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, + size_t X_limbs, + mbedtls_mpi_uint *R, + size_t P_limbs, + size_t adjust, + size_t shift, + mbedtls_mpi_uint mask) +{ + int ret = 0; + + size_t R_limbs = P_KOBLITZ_R; + size_t M_limbs = X_limbs + R_limbs + adjust; + mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + if (M == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - /* Init R */ - R.s = 1; - R.p = Rp; - R.n = P_KOBLITZ_R; - - /* Common setup for M */ - M.s = 1; - M.p = Mp; + size_t A1_limbs = X_limbs - (P_limbs - adjust); + if (A1_limbs > P_limbs + adjust) { + A1_limbs = P_limbs + adjust; + } + mbedtls_mpi_uint *A1 = mbedtls_calloc(A1_limbs, ciL); + if (A1 == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } for (size_t pass = 0; pass < 2; pass++) { - /* M = A1 */ - M.n = N->n - (p_limbs - adjust); - if (M.n > p_limbs + adjust) { - M.n = p_limbs + adjust; - } - memset(Mp, 0, sizeof(Mp)); - memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + /* Copy A1 */ + memcpy(A1, X + P_limbs - adjust, A1_limbs * ciL); if (shift != 0) { - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); + mbedtls_mpi_core_shift_r(A1, A1_limbs, shift); } - M.n += R.n; /* Make room for multiplication by R */ - /* N = A0 */ + /* X = A0 */ if (mask != 0) { - N->p[p_limbs - 1] &= mask; - } - for (size_t i = p_limbs; i < N->n; i++) { - N->p[i] = 0; + X[P_limbs - 1] &= mask; } - /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); + /* Zeroize the A1 part of X to keep only the A0 part */ + for (size_t i = P_limbs; i < X_limbs; i++) { + X[i] = 0; + } + + /* X = A0 + R * A1 */ + mbedtls_mpi_core_mul(M, A1, A1_limbs, R, R_limbs); + mbedtls_mpi_core_add(X, X, M, A1_limbs + R_limbs); } cleanup: + mbedtls_free(M); + mbedtls_free(A1); + return ret; } + #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) || MBEDTLS_ECP_DP_SECP256K1_ENABLED) */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + /* * Fast quasi-reduction modulo p192k1 = 2^192 - R, * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 @@ -5597,9 +5608,10 @@ int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N) 0x00) }; - return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, - 0); + return ecp_mod_koblitz(N->p, N->n, Rp, + 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); } + #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) @@ -5622,10 +5634,10 @@ int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N) }; #if defined(MBEDTLS_HAVE_INT64) - return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF); + return ecp_mod_koblitz(N->p, N->n, Rp, 4, 1, 32, 0xFFFFFFFF); #else - return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, - 0); + return ecp_mod_koblitz(N->p, N->n, Rp, + 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); #endif } @@ -5649,8 +5661,8 @@ int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N) MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; - return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, - 0); + return ecp_mod_koblitz(N->p, N->n, Rp, + 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ From 7097447b84c6c31c8ffb7862c72143d089d6db81 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 21 Apr 2023 17:28:25 +0200 Subject: [PATCH 110/483] Ensure input parameter size for Koblitz reduction Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 029b515d82..55428d6d4e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5597,7 +5597,13 @@ cleanup: */ static int ecp_mod_p192k1(mbedtls_mpi *N) { - return mbedtls_ecp_mod_p192k1(N); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((192 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p192k1(N); + +cleanup: + return ret; } MBEDTLS_STATIC_TESTABLE @@ -5618,7 +5624,13 @@ int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N) static int ecp_mod_p224k1(mbedtls_mpi *N) { - return mbedtls_ecp_mod_p224k1(N); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * 224 / biL; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p224k1(N); + +cleanup: + return ret; } /* @@ -5647,7 +5659,13 @@ int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N) static int ecp_mod_p256k1(mbedtls_mpi *N) { - return mbedtls_ecp_mod_p256k1(N); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((256 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p256k1(N); + +cleanup: + return ret; } /* From d2c0ba172c2682e984c95d748939788a82ad5f82 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 24 Apr 2023 16:33:17 +0200 Subject: [PATCH 111/483] Fix value in comment Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 55428d6d4e..96aae31047 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5593,7 +5593,7 @@ cleanup: /* * Fast quasi-reduction modulo p192k1 = 2^192 - R, - * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 + * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 */ static int ecp_mod_p192k1(mbedtls_mpi *N) { From 03367fe42d8577c1a0bf238d3aacdb7faea0623c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 24 Apr 2023 16:34:29 +0200 Subject: [PATCH 112/483] Ignore carry since it can not be generated Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 96aae31047..aa2815ae7e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5575,7 +5575,14 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, /* X = A0 + R * A1 */ mbedtls_mpi_core_mul(M, A1, A1_limbs, R, R_limbs); - mbedtls_mpi_core_add(X, X, M, A1_limbs + R_limbs); + (void) mbedtls_mpi_core_add(X, X, M, A1_limbs + R_limbs); + + /* Carry can not be generated since R is a 33-bit value and stored in + * 64 bits. The result value of the multiplication is at most + * P length + 33 bits in length and the result value of the addition + * is at most P length + 34 bits in length. So the result of the + * addition always fits in P length + 64 bits. + */ } cleanup: From fead53311bf366fb795b789842a1a50c23485d06 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Apr 2023 15:20:01 +0200 Subject: [PATCH 113/483] Remove unused macro Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index aa2815ae7e..a660f5724b 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5526,7 +5526,6 @@ cleanup: * Write N as A0 + 2^224 A1, return A0 + R * A1. * Actually do two passes, since R is big. */ -#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, From 19c6f47dbca05c2b8179b3fdd73770e85cec7995 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 26 Apr 2023 15:22:11 +0200 Subject: [PATCH 114/483] Allocate the right amount of memory Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index a660f5724b..e7ccd41b34 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5538,19 +5538,19 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, { int ret = 0; - size_t R_limbs = P_KOBLITZ_R; - size_t M_limbs = X_limbs + R_limbs + adjust; - mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); - if (M == NULL) { - return MBEDTLS_ERR_ECP_ALLOC_FAILED; - } - size_t A1_limbs = X_limbs - (P_limbs - adjust); if (A1_limbs > P_limbs + adjust) { A1_limbs = P_limbs + adjust; } mbedtls_mpi_uint *A1 = mbedtls_calloc(A1_limbs, ciL); if (A1 == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } + + size_t R_limbs = P_KOBLITZ_R; + size_t M_limbs = A1_limbs + R_limbs; + mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + if (M == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } From c787cf73b35bd11033f48d84e072ca9ca3b7335d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 25 Apr 2023 12:13:25 +0100 Subject: [PATCH 115/483] bignum_core.py: Add "BignumCoreShiftL()" This patch introduces automatic test input generation for `mpi_core_shift_l()` function. It also adds two utility functions in bignum_common. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/bignum_common.py | 17 ++++++++ scripts/mbedtls_dev/bignum_core.py | 62 ++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index d8ef4a84f5..20f7ff88b6 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -80,6 +80,23 @@ def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: """ Retrun the hex digits need for a number of limbs. """ return 2 * (limbs * bits_in_limb // 8) +def hex_digits_max_int(val: str, bits_in_limb: int) -> int: + """ Return the first number exceeding maximum the limb space + required to store the input hex-string value. This method + weights on the input str_len rather than numerical value + and works with zero-padded inputs""" + n = ((1 << (len(val) * 4)) - 1) + l = limbs_mpi(n, bits_in_limb) + return bound_mpi_limbs(l, bits_in_limb) + +def zfill_match(reference: str, target: str) -> str: + """ Zero pad target hex-string the match the limb size of + the refference input """ + lt = len(target) + lr = len(reference) + targen_len = lr if lt < lr else lt + return "{:x}".format(int(target, 16)).zfill(targen_len) + class OperationCommon(test_data_generation.BaseTest): """Common features for bignum binary operations. diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 5801caef59..2abf77ac8a 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -68,6 +68,68 @@ class BignumCoreShiftR(BignumCoreTarget, test_data_generation.BaseTest): for count in counts: yield cls(input_hex, descr, count).create_test_case() + +class BignumCoreShiftL(BignumCoreTarget, bignum_common.ModOperationCommon): + """Test cases for mbedtls_bignum_core_shift_l().""" + + BIT_SHIFT_VALUES = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', + '1f', '20', '21', '3f', '40', '41', '47', '48', '4f', + '50', '51', '58', '80', '81', '88'] + DATA = ["0", "1", "40", "dee5ca1a7ef10a75", "a1055eb0bb1efa1150ff", + "002e7ab0070ad57001", "020100000000000000001011121314151617", + "1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a222" + "7a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe" + "9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a51" + "1698b5dad0416305db7fcf"] + arity = 1 + test_function = "mpi_core_shift_l" + test_name = "Core shift(L)" + input_style = "arch_split" + symbol = "<<" + input_values = BIT_SHIFT_VALUES + moduli = DATA + + @property + def val_n_max_limbs(self) -> int: + """ Return the limb count required to store the maximum number that can + fit in a the number of digits used by val_n """ + m = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) - 1 + return bignum_common.limbs_mpi(m, self.bits_in_limb) + + def arguments(self) -> List[str]: + return [bignum_common.quote_str(self.val_n), + str(self.int_a) + ] + self.result() + + def description(self) -> str: + """ Format the output as: + #{count} {hex input} ({input bits} {limbs capacity}) << {bit shift} """ + bits = "({} bits in {} limbs)".format(self.int_n.bit_length(), self.val_n_max_limbs) + return "{} #{} {} {} {} {}".format(self.test_name, + self.count, + self.val_n, + bits, + self.symbol, + self.int_a) + + def format_result(self, res: int) -> str: + # Override to match zero-pading for leading digits between the output and input. + res_str = bignum_common.zfill_match(self.val_n, "{:x}".format(res)) + return bignum_common.quote_str(res_str) + + def result(self) -> List[str]: + result = (self.int_n << self.int_a) + # Calculate if there is space for shifting to the left(leading zero limbs) + mx = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) + # If there are empty limbs ahead, adjust the bitmask accordingly + result = result & (self.r - 1) if mx == self.r else result & (mx - 1) + return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True + + class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): """Test cases for mbedtls_mpi_core_ct_uint_table_lookup().""" test_function = "mpi_core_ct_uint_table_lookup" From 9275d5d68513f038a66dd41e07e78fec4b098b0e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 10:32:29 +0200 Subject: [PATCH 116/483] mbedtls_psa_ffdh_set_prime_generator: check if key size is equal and use sizeof Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 1e76d139f0..e15d15b92c 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -64,27 +64,27 @@ static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, static const unsigned char dhm_G_8192[] = MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; - if (key_size <= 256) { + if (key_size == sizeof(dhm_P_2048)) { dhm_P = dhm_P_2048; dhm_G = dhm_G_2048; dhm_size_P = sizeof(dhm_P_2048); dhm_size_G = sizeof(dhm_G_2048); - } else if (key_size <= 384) { + } else if (key_size == sizeof(dhm_P_3072)) { dhm_P = dhm_P_3072; dhm_G = dhm_G_3072; dhm_size_P = sizeof(dhm_P_3072); dhm_size_G = sizeof(dhm_G_3072); - } else if (key_size <= 512) { + } else if (key_size == sizeof(dhm_P_4096)) { dhm_P = dhm_P_4096; dhm_G = dhm_G_4096; dhm_size_P = sizeof(dhm_P_4096); dhm_size_G = sizeof(dhm_G_4096); - } else if (key_size <= 768) { + } else if (key_size == sizeof(dhm_P_6144)) { dhm_P = dhm_P_6144; dhm_G = dhm_G_6144; dhm_size_P = sizeof(dhm_P_6144); dhm_size_G = sizeof(dhm_G_6144); - } else if (key_size <= 1024) { + } else if (key_size == sizeof(dhm_P_8192)) { dhm_P = dhm_P_8192; dhm_G = dhm_G_8192; dhm_size_P = sizeof(dhm_P_8192); From 6fd72b687fa70778908a898b6a20c61291755f2a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 10:20:56 +0200 Subject: [PATCH 117/483] Optimize code (if-else format, action on error) Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 29 +++++++------------ library/psa_crypto_ffdh.c | 61 ++++++++++++++++++++++----------------- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c7d1b766c1..3c3e80d6a3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1417,16 +1417,14 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type)) { - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { - /* Exporting public -> public */ - return psa_export_key_buffer_internal( - key_buffer, key_buffer_size, - data, data_size, data_length); - } - - if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && + (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type))) { + /* Exporting public -> public */ + return psa_export_key_buffer_internal( + key_buffer, key_buffer_size, + data, data_size, data_length); + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1440,7 +1438,7 @@ psa_status_t psa_export_public_key_internal( return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - } else if (PSA_KEY_TYPE_IS_ECC(type)) { + } else if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) return mbedtls_psa_ecp_export_public_key(attributes, @@ -1454,26 +1452,19 @@ psa_status_t psa_export_public_key_internal( return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ - } + } else if (PSA_KEY_TYPE_IS_DH(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) - else if (PSA_KEY_TYPE_IS_DH(type)) { return mbedtls_psa_export_ffdh_public_key(attributes, key_buffer, key_buffer_size, data, data_size, data_length); - } else { - return PSA_ERROR_NOT_SUPPORTED; - } #else return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ } else { - /* This shouldn't happen in the reference implementation, but - it is valid for a special-purpose implementation to omit - support for exporting certain key types. */ return PSA_ERROR_NOT_SUPPORTED; } } diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index e15d15b92c..b6a9bf4739 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -142,31 +142,36 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( status = mbedtls_psa_ffdh_set_prime_generator( PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - if (status == PSA_SUCCESS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, - peer_key_length)); - - /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); - - *shared_secret_length = calculated_shared_secret_size; + if(status != PSA_SUCCESS) { + goto cleanup; } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + + ret = 0; + cleanup: mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); mbedtls_mpi_free(&K); - if (status == PSA_SUCCESS && ret != 0) { - return mbedtls_to_psa_error(ret); + if(status == PSA_SUCCESS && ret != 0) { + status = mbedtls_to_psa_error(ret); } - return PSA_SUCCESS; + return status; } #endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ @@ -188,21 +193,25 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( status = mbedtls_psa_ffdh_set_prime_generator( PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - if (status == PSA_SUCCESS) { - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); - - *data_length = mbedtls_mpi_size(&GX); + if(status != PSA_SUCCESS) { + goto cleanup; } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); + + *data_length = mbedtls_mpi_size(&GX); + + ret = 0; cleanup: mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); mbedtls_mpi_free(&X); mbedtls_mpi_free(&GX); if (status == PSA_SUCCESS && ret != 0) { - return mbedtls_to_psa_error(ret); + status = mbedtls_to_psa_error(ret); } return status; From cf0156f3f3d89f1c7424a70569199557aa326b05 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 11:12:39 +0200 Subject: [PATCH 118/483] mbedtls_psa_ffdh_generate_key: Fix random number generation Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index b6a9bf4739..77d51d5c08 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -232,10 +232,10 @@ psa_status_t mbedtls_psa_ffdh_generate_key( if (status == PSA_SUCCESS) { /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their secret exponent from the range [2, P-2]. - Select random value in range [4, P] and decrease it by 2. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random, + Select random value in range [3, P-1] and decrease it by 1. */ + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1)); *key_buffer_length = mbedtls_mpi_size(&X); From 5357a7a6d9427892c39ae64feb9d4e6c2b8aae53 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 11:22:36 +0200 Subject: [PATCH 119/483] Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE Signed-off-by: Przemek Stekiel --- include/psa/crypto_sizes.h | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 361a1bf9ae..fb6c0a5396 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -933,17 +933,10 @@ * * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ - (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \ - PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \ - PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) : \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ - PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ - PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ - PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \ + PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) /** Sufficient buffer size for exporting any asymmetric public key. * @@ -954,8 +947,8 @@ * * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ - PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)) From d1cf1bae5dbbd25912aa5f6a6e2079cef83d6ef3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 12:04:21 +0200 Subject: [PATCH 120/483] Add function to validate dh key size Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c3e80d6a3..d9ba543e37 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -134,6 +134,15 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) return global_data.drivers_initialized; } +static int psa_is_dh_key_size_valid(size_t bits) { + if (bits != 2048 && bits != 3072 && bits != 4096 && + bits != 6144 && bits != 8192) { + return 0; + } + + return 1; +} + psa_status_t mbedtls_to_psa_error(int ret) { /* Mbed TLS error codes can combine a high-level error code and a @@ -632,9 +641,7 @@ psa_status_t psa_import_key_into_slot( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_DH(type)) { - if (data_length != 256 && data_length != 384 && - data_length != 512 && data_length != 768 && - data_length != 1024) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -6980,8 +6987,7 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - if (bits != 2048 && bits != 3072 && bits != 4096 && - bits != 6144 && bits != 8192) { + if (psa_is_dh_key_size_valid(bits) == 0) { return PSA_ERROR_NOT_SUPPORTED; } } else From 2e7c33d5309e45153777443000bb9a2c84b656ab Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 12:29:45 +0200 Subject: [PATCH 121/483] Use import_with_data for testing FFDH invalid key length Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 20 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 13 +------------ 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4462e35d8c..51751c1cfb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -552,43 +552,43 @@ import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 +import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2040 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 +import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 +import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 +import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:0:1 +import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:0:1 +import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:0:1 +import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:0:1 +import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 key pair: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:0:1 +import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 public key: import invalid key length depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C -import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:0:1 +import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2048 key pair: export buffer to small depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 61ac74e86d..8e25ad2e83 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1503,7 +1503,6 @@ void import_export(data_t *data, size_t reexported_length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t expected_import_result = PSA_SUCCESS; export_size = (ptrdiff_t) data->len + export_size_delta; ASSERT_ALLOC(exported, export_size); @@ -1523,19 +1522,9 @@ void import_export(data_t *data, export_size -= 1; } - if (PSA_KEY_TYPE_IS_DH(type) && - (data->len != 256 && data->len != 384 && - data->len != 512 && data->len != 768 && data->len != 1024)) { - expected_import_result = PSA_ERROR_INVALID_ARGUMENT; - } - /* Import the key */ TEST_EQUAL(psa_import_key(&attributes, data->x, data->len, &key), - expected_import_result); - - if (expected_import_result != PSA_SUCCESS) { - goto exit; - } + PSA_SUCCESS); /* Test the key information */ PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); From 2c9fc07cc46e3d3588a1227fb95f926a4b5a4ef0 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 12:41:32 +0200 Subject: [PATCH 122/483] Fix FFDH tests dependencies Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 108 ++++++++++++------------ 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 51751c1cfb..673f925e23 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -507,167 +507,167 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export FFDH RFC7919 2048 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 2048 key pair: export not permiterd -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +PSA import/export FFDH RFC7919 2048 key pair: export not permitterd +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2040 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2048 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 2048 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export-public FFDH RFC7919 public key 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0" PSA import/export-public FFDH RFC7919 key pair 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729" PSA import/export-public FFDH RFC7919 public key 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512" PSA import/export-public FFDH RFC7919 key pair 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90" PSA import/export-public FFDH RFC7919 public key 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B" PSA import/export-public FFDH RFC7919 key pair 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355" PSA import/export-public FFDH RFC7919 public key 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 key pair 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 public key 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import/export-public FFDH RFC7919 key pair 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import: reject raw data key of length 0 @@ -6695,51 +6695,51 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":"" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":"" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":"" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c" PSA generate random: 0 bytes From 4c0da51ee7e48c01467fbb1ba0f4736b265cf4dc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 27 Apr 2023 13:04:20 +0200 Subject: [PATCH 123/483] mbedtls_test_psa_exported_key_sanity_check: check for length equality for DH keys Signed-off-by: Przemek Stekiel --- tests/src/psa_exercise_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 61fc845b5f..5cb2296df4 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -791,7 +791,7 @@ int mbedtls_test_psa_exported_key_sanity_check( } } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - TEST_ASSERT(exported_length <= + TEST_ASSERT(exported_length == PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits)); TEST_ASSERT(exported_length <= PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); From 6d85afa0cc68221524f95de22866cbb688d2f894 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 28 Apr 2023 11:42:17 +0200 Subject: [PATCH 124/483] Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 28 ++--- include/psa/crypto_config.h | 4 +- include/psa/crypto_sizes.h | 8 +- library/psa_crypto.c | 24 ++--- library/psa_crypto_ffdh.c | 8 +- library/psa_crypto_ffdh.h | 4 +- tests/suites/test_suite_psa_crypto.data | 134 ++++++++++++------------ 7 files changed, 105 insertions(+), 105 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 93ea1a5743..7046c517a8 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -295,13 +295,13 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */ -#if defined(PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_KEY_PAIR) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR 1 +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1 #define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_KEY_PAIR */ -#endif /* PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR */ +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) @@ -311,13 +311,13 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -#if defined(PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 #define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_FFDH_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY */ +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) @@ -676,10 +676,10 @@ extern "C" { #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_DHM_C) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR 1 -#define PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 #define PSA_WANT_ALG_FFDH 1 #endif /* MBEDTLS_DHM_C */ diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 1c4fb6d567..3dff049dbb 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -126,8 +126,8 @@ #define PSA_WANT_KEY_TYPE_DES 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR 1 -#define PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index fb6c0a5396..1b46c567f4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -197,7 +197,7 @@ * operations, and does not need to accept all key sizes up to the limit. */ #define PSA_VENDOR_RSA_MAX_KEY_BITS 4096 -/* The maximum size of an FFDH key on this implementation, in bits. +/* The maximum size of an DH key on this implementation, in bits. * * Note that an implementation may set different size limits for different * operations, and does not need to accept all key sizes up to the limit. */ @@ -812,14 +812,14 @@ #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) -/* Maximum size of the export encoding of an FFDH key pair. +/* Maximum size of the export encoding of an DH key pair. * - * An FFDH key pair is represented by the secret value. + * An DH key pair is represented by the secret value. */ #define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) -/* Maximum size of the export encoding of an FFDH public key. +/* Maximum size of the export encoding of an DH public key. */ #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d9ba543e37..186b64f75a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -638,8 +638,8 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_DH(type)) { if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { return PSA_ERROR_INVALID_ARGUMENT; @@ -653,8 +653,8 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1460,8 +1460,8 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } else if (PSA_KEY_TYPE_IS_DH(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) return mbedtls_psa_export_ffdh_public_key(attributes, key_buffer, key_buffer_size, @@ -1469,8 +1469,8 @@ psa_status_t psa_export_public_key_internal( data_length); #else return PSA_ERROR_NOT_SUPPORTED; -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ } else { return PSA_ERROR_NOT_SUPPORTED; } @@ -6985,13 +6985,13 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( } else #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { if (psa_is_dh_key_size_valid(bits) == 0) { return PSA_ERROR_NOT_SUPPORTED; } } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */ +#endif /* defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) */ { return PSA_ERROR_NOT_SUPPORTED; } @@ -7044,14 +7044,14 @@ psa_status_t psa_generate_key_internal( } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { return mbedtls_psa_ffdh_generate_key(attributes, key_buffer, key_buffer_size, key_buffer_length); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) */ { (void) key_buffer_length; return PSA_ERROR_NOT_SUPPORTED; diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 77d51d5c08..aba62eef3c 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -27,8 +27,8 @@ #include "psa_crypto_ffdh.h" #include "psa_crypto_random_impl.h" -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, mbedtls_mpi *P, mbedtls_mpi *G) @@ -251,7 +251,7 @@ cleanup: return status; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_KEY_PAIR || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_FFDH_PUBLIC_KEY */ +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 950646ae6a..62b05b2e77 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -60,7 +60,7 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( size_t shared_secret_size, size_t *shared_secret_length); -/** Export a public key or the public part of a FFDH key pair in binary format. +/** Export a public key or the public part of a DH key pair in binary format. * * \param[in] attributes The attributes for the key to export. * \param[in] key_buffer Material or context of the key to export. @@ -86,7 +86,7 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( size_t *data_length); /** - * \brief Generate FFDH key. + * \brief Generate DH key. * * \note The signature of the function is that of a PSA driver generate_key * entry point. diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 673f925e23..68608e95a1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -507,167 +507,167 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export FFDH RFC7919 2048 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 key pair: export not permitterd -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2040 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2048 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 2048 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export-public FFDH RFC7919 public key 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0" PSA import/export-public FFDH RFC7919 key pair 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729" PSA import/export-public FFDH RFC7919 public key 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512" PSA import/export-public FFDH RFC7919 key pair 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90" PSA import/export-public FFDH RFC7919 public key 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B" PSA import/export-public FFDH RFC7919 key pair 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355" PSA import/export-public FFDH RFC7919 public key 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 key pair 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 public key 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import/export-public FFDH RFC7919 key pair 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import: reject raw data key of length 0 @@ -6635,35 +6635,35 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOM raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA raw key agreement: FFDH 2048 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" PSA raw key agreement: FFDH 3072 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" PSA raw key agreement: FFDH 4096 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" PSA raw key agreement: FFDH 6144 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 @@ -6695,51 +6695,51 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":"" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":"" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":"" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c" PSA generate random: 0 bytes @@ -6900,27 +6900,27 @@ PSA generate key: RSA, e=2 generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT PSA generate key: FFDH, 2048 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 3072 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 4096 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 6144 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 8192 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 1024 bits, invalid bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_FFDH_KEY_PAIR +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 PSA import persistent key: raw data, 8 bits From 534105044cfb76bbd66d8b1f3889c2ff67b40243 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 28 Apr 2023 13:18:43 +0200 Subject: [PATCH 125/483] Add guards for psa_is_dh_key_size_valid Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 186b64f75a..4fe20b47e6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -133,7 +133,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } - +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && bits != 6144 && bits != 8192) { @@ -142,6 +144,9 @@ static int psa_is_dh_key_size_valid(size_t bits) { return 1; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { From eb511a44954a4cab120c26a87e9b47e2764471b4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 28 Apr 2023 13:20:16 +0200 Subject: [PATCH 126/483] Update config files to make PSA FFDH undependent on MBEDTLS_DHM_C To enable support for FFDH in PSA MBEDTLS_USE_PSA_CRYPTO needs to be enabled. Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 12 ------------ include/psa/crypto_config.h | 5 +++-- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 7046c517a8..a50f3d5338 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -151,7 +151,6 @@ extern "C" { #if defined(PSA_WANT_ALG_FFDH) #if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 -#define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */ #endif /* PSA_WANT_ALG_FFDH */ @@ -298,7 +297,6 @@ extern "C" { #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1 -#define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR */ #endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ @@ -314,7 +312,6 @@ extern "C" { #if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 -#define MBEDTLS_DHM_C #define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ #endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ @@ -675,15 +672,6 @@ extern "C" { #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_DHM_C) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 -#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 -#define PSA_WANT_ALG_FFDH 1 -#endif /* MBEDTLS_DHM_C */ - #if defined(MBEDTLS_GCM_C) #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 #define PSA_WANT_ALG_GCM 1 diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 3dff049dbb..c08a860418 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -65,6 +65,7 @@ #define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_FFDH 1 #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_JPAKE 1 #define PSA_WANT_ALG_GCM 1 @@ -126,8 +127,8 @@ #define PSA_WANT_KEY_TYPE_DES 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 From 4ce523256b1a4800271fca8bc79f8de05c4bfed6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 28 Apr 2023 13:40:34 +0200 Subject: [PATCH 127/483] Fix definition of PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (ECC vs FFDH max) Signed-off-by: Przemek Stekiel --- include/psa/crypto_sizes.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 1b46c567f4..8fd91ff285 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -987,8 +987,11 @@ * * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits). */ -#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ - (PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)) +#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \ + (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \ + PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \ + PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)) /** The default IV size for a cipher algorithm, in bytes. * From 75095cce741e865b90be3a26c00846a4f91c29ff Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 28 Apr 2023 14:20:27 +0200 Subject: [PATCH 128/483] mbedtls_psa_ffdh_set_prime_generator: use switch instead if-else Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 60 +++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index aba62eef3c..de6cd75a2f 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -64,33 +64,39 @@ static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, static const unsigned char dhm_G_8192[] = MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; - if (key_size == sizeof(dhm_P_2048)) { - dhm_P = dhm_P_2048; - dhm_G = dhm_G_2048; - dhm_size_P = sizeof(dhm_P_2048); - dhm_size_G = sizeof(dhm_G_2048); - } else if (key_size == sizeof(dhm_P_3072)) { - dhm_P = dhm_P_3072; - dhm_G = dhm_G_3072; - dhm_size_P = sizeof(dhm_P_3072); - dhm_size_G = sizeof(dhm_G_3072); - } else if (key_size == sizeof(dhm_P_4096)) { - dhm_P = dhm_P_4096; - dhm_G = dhm_G_4096; - dhm_size_P = sizeof(dhm_P_4096); - dhm_size_G = sizeof(dhm_G_4096); - } else if (key_size == sizeof(dhm_P_6144)) { - dhm_P = dhm_P_6144; - dhm_G = dhm_G_6144; - dhm_size_P = sizeof(dhm_P_6144); - dhm_size_G = sizeof(dhm_G_6144); - } else if (key_size == sizeof(dhm_P_8192)) { - dhm_P = dhm_P_8192; - dhm_G = dhm_G_8192; - dhm_size_P = sizeof(dhm_P_8192); - dhm_size_G = sizeof(dhm_G_8192); - } else { - return PSA_ERROR_INVALID_ARGUMENT; + switch(key_size) { + case sizeof(dhm_P_2048): + dhm_P = dhm_P_2048; + dhm_G = dhm_G_2048; + dhm_size_P = sizeof(dhm_P_2048); + dhm_size_G = sizeof(dhm_G_2048); + break; + case sizeof(dhm_P_3072): + dhm_P = dhm_P_3072; + dhm_G = dhm_G_3072; + dhm_size_P = sizeof(dhm_P_3072); + dhm_size_G = sizeof(dhm_G_3072); + break; + case sizeof(dhm_P_4096): + dhm_P = dhm_P_4096; + dhm_G = dhm_G_4096; + dhm_size_P = sizeof(dhm_P_4096); + dhm_size_G = sizeof(dhm_G_4096); + break; + case sizeof(dhm_P_6144): + dhm_P = dhm_P_6144; + dhm_G = dhm_G_6144; + dhm_size_P = sizeof(dhm_P_6144); + dhm_size_G = sizeof(dhm_G_6144); + break; + case sizeof(dhm_P_8192): + dhm_P = dhm_P_8192; + dhm_G = dhm_G_8192; + dhm_size_P = sizeof(dhm_P_8192); + dhm_size_G = sizeof(dhm_G_8192); + break; + default: + return PSA_ERROR_INVALID_ARGUMENT; } if (P != NULL) { From 6f400a376eb83ea139cf149c388ea3ce0634d753 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 1 May 2023 05:26:47 -0400 Subject: [PATCH 129/483] Disallow leading zeroes when parsing IPv4 addresses Signed-off-by: Andrzej Kurek --- library/x509_crt.c | 8 +++++++- tests/suites/test_suite_x509parse.data | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 874d8f607a..61929bea6f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2667,7 +2667,6 @@ static int x509_inet_pton_ipv6(const char *src, void *dst) static int x509_inet_pton_ipv4(const char *src, void *dst) { - /* note: allows leading 0's, e.g. 000.000.000.000 */ const unsigned char *p = (const unsigned char *) src; uint8_t *res = (uint8_t *) dst; uint8_t digit, num_digits = 0; @@ -2681,6 +2680,13 @@ static int x509_inet_pton_ipv4(const char *src, void *dst) if (digit > 9) { break; } + + /* Don't allow leading zeroes. These might mean octal format, + * which this implementation does not support. */ + if (octet == 0 && num_digits > 0) { + break; + } + octet = octet * 10 + digit; num_digits++; p++; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a6b001fb15..251cb0feff 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1046,6 +1046,12 @@ x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip X509 CRT parse CN: IPv4 valid address x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4 +X509 CRT parse CN: IPv4 leading zeroes #1 +x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0 + +X509 CRT parse CN: IPv4 leading zeroes #2 +x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0 + X509 CRT parse CN: IPv4 excess 0s x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0 From 4f4c87b01e99fb9fc62b5872cdb90d266bf01dbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 14 Apr 2023 15:00:27 +0200 Subject: [PATCH 130/483] Add readthedocs-cli to requirements.in MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will allow us to manage our redirects in-tree. Signed-off-by: Bence Szépkúti --- docs/requirements.in | 3 ++- docs/requirements.txt | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/requirements.in b/docs/requirements.in index a523188c38..14d618c793 100644 --- a/docs/requirements.in +++ b/docs/requirements.in @@ -1,2 +1,3 @@ -sphinx-rtd-theme breathe +readthedocs-cli +sphinx-rtd-theme diff --git a/docs/requirements.txt b/docs/requirements.txt index 4b9f3a6b3f..a1bfd82377 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -14,6 +14,8 @@ certifi==2022.12.7 # via requests charset-normalizer==3.1.0 # via requests +click==8.1.3 + # via readthedocs-cli docutils==0.17.1 # via # breathe @@ -27,14 +29,28 @@ importlib-metadata==6.0.0 # via sphinx jinja2==3.1.2 # via sphinx +markdown-it-py==2.2.0 + # via rich markupsafe==2.1.2 # via jinja2 +mdurl==0.1.2 + # via markdown-it-py packaging==23.0 # via sphinx pygments==2.14.0 - # via sphinx + # via + # rich + # sphinx +pyyaml==6.0 + # via readthedocs-cli +readthedocs-cli==4 + # via -r requirements.in requests==2.28.2 - # via sphinx + # via + # readthedocs-cli + # sphinx +rich==13.3.5 + # via readthedocs-cli snowballstemmer==2.2.0 # via sphinx sphinx==4.5.0 From 7ce8fba3cbf2174917e1672ac557fbba3493a121 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 14 Apr 2023 16:36:19 +0200 Subject: [PATCH 131/483] Add post-build step to update redirects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows us to maintain the list of redirects in-tree. Signed-off-by: Bence Szépkúti --- .readthedocs.yaml | 7 +++++-- docs/redirects.yaml | 10 ++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 docs/redirects.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml index cef07bf1cc..104ef7674a 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -12,8 +12,11 @@ build: python: "3.9" jobs: pre_build: - - make apidoc - - breathe-apidoc -o docs/api apidoc/xml + - make apidoc + - breathe-apidoc -o docs/api apidoc/xml + post_build: + - '[ "$READTHEDOCS_VERSION" != "development" ] || "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml' + # Build documentation in the docs/ directory with Sphinx sphinx: diff --git a/docs/redirects.yaml b/docs/redirects.yaml new file mode 100644 index 0000000000..c3a13f302c --- /dev/null +++ b/docs/redirects.yaml @@ -0,0 +1,10 @@ +# Readthedocs redirects +# See https://docs.readthedocs.io/en/stable/user-defined-redirects.html +# +# In order to prevent exposing the API token, PR jobs do not update the +# redirects - changes to this file are only applied when they are merged +# into the main branch. + +- type: exact + from_url: /projects/api/en/latest/$rest + to_url: /projects/api/en/development/ From b567f8326d2baffb10872799cfe7db1faf5797e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 May 2023 21:38:11 +0200 Subject: [PATCH 132/483] Halve size of mbedtls_error_pair_t All PSA crypto error codes fit comfortably in 16 bits and we have no plans to ever change this. So use 16 bits to store them, which reduces mbedtls_error_pair_t from 8 bytes to 4 bytes. Signed-off-by: Gilles Peskine --- include/mbedtls/psa_util.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b750716a9e..32d20b5e5d 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -345,7 +345,11 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ typedef struct { - psa_status_t psa_status; + /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */ + int16_t psa_status; + /* Error codes used by Mbed TLS are in one of the ranges + * -127..-1 (low-level) or (-128) * (128..511) (high-level), + * fitting in 16 bits. */ int16_t mbedtls_error; } mbedtls_error_pair_t; From aca31654e6e96c76b073e0ffedb6ae53c9e4f4c7 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:35:50 +0530 Subject: [PATCH 133/483] Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_config.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e68fac8b44..7e44427bd9 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -74,9 +74,7 @@ #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 @@ -92,8 +90,7 @@ #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +/* Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 From 83baf8968dfaf312a4deb507f71e647243efc97f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:42:29 +0530 Subject: [PATCH 134/483] Add builtin PBKDF2_HMAC definition in config_psa.h Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 20d4358f9b..bbad0c4af1 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -261,6 +261,13 @@ extern "C" { #define MBEDTLS_SHA512_C #endif +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + #if defined(PSA_WANT_ALG_TLS12_PRF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 @@ -675,6 +682,13 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC +#if defined(MBEDTLS_PKCS5_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define PSA_WANT_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#endif /* MBEDTLS_PKCS5_C */ + #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From 876e2c242482fbc7b683950fcd52922b0b704db9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:51:25 +0530 Subject: [PATCH 135/483] Add psa_pbkdf2_key_derivation_state_t Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 1913a9b548..18e3fde93f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,5 +105,14 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +typedef enum { + PSA_PBKDF2_STATE_INIT, /* no input provided */ + PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ + PSA_PBKDF2_STATE_SALT_SET, /* salt has been set */ + PSA_PBKDF2_STATE_PASSWORD_SET, /* password has been set */ + PSA_PBKDF2_STATE_OUTPUT /* output has been started */ +} psa_pbkdf2_key_derivation_state_t; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From 30ced52497919678600c1f5677ca40832d8747c4 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:56:02 +0530 Subject: [PATCH 136/483] Add pbkdf2 struct to crypto_builtin_key_derivation.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 18e3fde93f..d2cf4df972 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -114,5 +114,14 @@ typedef enum { PSA_PBKDF2_STATE_OUTPUT /* output has been started */ } psa_pbkdf2_key_derivation_state_t; +typedef struct { + psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); + uint64_t MBEDTLS_PRIVATE(input_cost); + uint8_t *MBEDTLS_PRIVATE(salt); + size_t MBEDTLS_PRIVATE(salt_length); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_length); +} psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From dcfa5482933128aec459cd57a276ce02fa3b1c55 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:57:09 +0530 Subject: [PATCH 137/483] Add pbkdf2 to key_derivation context struct Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_driver_contexts_key_derivation.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 39754cc010..5b4e4745d6 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,6 +55,9 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); +#endif } psa_driver_key_derivation_context_t; #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H */ From af0b534256a1ee195d48ecd1761ca9b1a29c21d2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:58:46 +0530 Subject: [PATCH 138/483] Add pbkdf2 to ATLEAST_ONE_BUILTIN_KDF definition Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f7e91d606f..6c7f2b0ece 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4989,7 +4989,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) #if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ From d132cacb38a4dc6e05d110887ecbd69c10cd2634 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:00:27 +0530 Subject: [PATCH 139/483] Add pbkdf2_hmac to is_kdf_alg_supported() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6c7f2b0ece..46b957874c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5890,6 +5890,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + return 1; + } #endif return 0; } From 944bba1e30aec6204cbaa21415d04db51e5e82fb Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:14:03 +0530 Subject: [PATCH 140/483] Add input cost function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 46b957874c..0ed005f32d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6384,6 +6384,35 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +static psa_status_t psa_pbkdf2_set_input_cost( + psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + uint64_t data) +{ + if (step != PSA_KEY_DERIVATION_INPUT_COST) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { + return PSA_ERROR_BAD_STATE; + } +#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { + return PSA_ERROR_INVALID_ARGUMENT; + } +#endif + if (data == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + pbkdf2->input_cost = data; + pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; + + return PSA_SUCCESS; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + /** Check whether the given key type is acceptable for the given * input step of a key derivation. * @@ -6491,6 +6520,12 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_set_input_cost( + &operation->ctx.pbkdf2, step, value); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) step; (void) value; From 547a6c6fd1cc3e13077c3efd1d42d7e585dfec2d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:18:19 +0530 Subject: [PATCH 141/483] add input salt function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0ed005f32d..ba6a64a554 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6411,6 +6411,50 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + uint8_t *prev_salt; + size_t prev_salt_length; + + if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && + pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); + } + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + + pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given From f4fe3ee9e40df638924c92605415338b6bae8b85 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:21:07 +0530 Subject: [PATCH 142/483] Add input password function for pbkdf2 Also adds PSA_KEY_DERIVATION_INPUT_PASSWORD case handling to psa_key_derivation_check_input_type function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba6a64a554..82a362ca0f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6455,6 +6455,29 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + pbkdf2->password = mbedtls_calloc(1, data_length); + if (pbkdf2->password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->password, data, data_length); + pbkdf2->password_length = data_length; + } + + pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6498,6 +6521,17 @@ static int psa_key_derivation_check_input_type( return PSA_SUCCESS; } break; + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + if (key_type == PSA_KEY_TYPE_PASSWORD) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_DERIVE) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_NONE) { + return PSA_SUCCESS; + } + break; } return PSA_ERROR_INVALID_ARGUMENT; } From 24b3895dee1475fc2a41beffbb0227ed6b4792c6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:25:26 +0530 Subject: [PATCH 143/483] Add pbkdf2 input functions to psa_key_derivation_input_internal Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 82a362ca0f..bf3f2a004c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6478,6 +6478,21 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) +{ + switch (step) { + case PSA_KEY_DERIVATION_INPUT_SALT: + return psa_pbkdf2_set_salt(pbkdf2, data, data_length); + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + return psa_pbkdf2_set_password(pbkdf2, data, data_length); + default: + return PSA_ERROR_INVALID_ARGUMENT; + } +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6575,6 +6590,12 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_input( + &operation->ctx.pbkdf2, step, data, data_length); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { /* This can't happen unless the operation object was not initialized */ (void) data; From 3128c5d9ceaf5cbb9c714a0a1a85a1bf4793d180 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:27:57 +0530 Subject: [PATCH 144/483] Enable can_output_key with PSA_KEY_DERIVATION_INPUT_PASSWORD Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bf3f2a004c..849bb95a6e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6673,9 +6673,10 @@ psa_status_t psa_key_derivation_input_key( return status; } - /* Passing a key object as a SECRET input unlocks the permission - * to output to a key object. */ - if (step == PSA_KEY_DERIVATION_INPUT_SECRET) { + /* Passing a key object as a SECRET or PASSWORD input unlocks the + * permission to output to a key object. */ + if (step == PSA_KEY_DERIVATION_INPUT_SECRET || + step == PSA_KEY_DERIVATION_INPUT_PASSWORD) { operation->can_output_key = 1; } From f5fedf1e0da991a4818f65205980ced47a86cf74 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:29:48 +0530 Subject: [PATCH 145/483] Add pbkdf2 to psa_key_derivation_abort Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 849bb95a6e..a289895c41 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5094,6 +5094,25 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + if (operation->ctx.pbkdf2.input_cost != 0U) { + operation->ctx.pbkdf2.input_cost = 0U; + } + if (operation->ctx.pbkdf2.salt != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, + operation->ctx.pbkdf2.salt_length); + mbedtls_free(operation->ctx.pbkdf2.salt); + } + if (operation->ctx.pbkdf2.password != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, + operation->ctx.pbkdf2.password_length); + mbedtls_free(operation->ctx.pbkdf2.password); + } + + status = PSA_SUCCESS; + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */ { status = PSA_ERROR_BAD_STATE; } From 7c05c009886ab41cc66d129bab2de7ed95e7290b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:54:33 +0530 Subject: [PATCH 146/483] Add test cases for pbkdf2 input functions Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fd35c8796d..06b57ad459 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5307,6 +5307,66 @@ PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, salt missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + +PSA key derivation: PBKDF2-HMAC-SHA256, DERIVE key as salt +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate cost step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject label step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject seed step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 9c9880a63f5a7aade75df1a7c982e1875ddd1aa3 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 3 May 2023 05:06:47 -0400 Subject: [PATCH 147/483] Explicitly exit IPv4 parsing on a fatal error This makes the function flow more readable. Signed-off-by: Andrzej Kurek --- library/x509_crt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 61929bea6f..6a27e92416 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2684,7 +2684,7 @@ static int x509_inet_pton_ipv4(const char *src, void *dst) /* Don't allow leading zeroes. These might mean octal format, * which this implementation does not support. */ if (octet == 0 && num_digits > 0) { - break; + return -1; } octet = octet * 10 + digit; @@ -2693,7 +2693,7 @@ static int x509_inet_pton_ipv4(const char *src, void *dst) } while (num_digits < 3); if (octet >= 256 || num_digits > 3 || num_digits == 0) { - break; + return -1; } *res++ = (uint8_t) octet; num_octets++; From 056f0c5047c139309e3bc736805262f672474e6c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 15:58:34 +0530 Subject: [PATCH 148/483] Make output_byte return not_supported for pbkdf2 As output functionality is not added yet return PSA_SUCCESS for now if inputs are passed correctly. If input validation fails operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 9 +++++++++ tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a289895c41..2a4ac7b2b5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5492,6 +5492,15 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + /* As output functionality is not added yet return + * PSA_ERROR_NOT_SUPPORTED for now if inputs are passed correctly. + * If input validation fails operation is aborted and output_bytes + * will return PSA_ERROR_BAD_STATE */ + status = PSA_ERROR_NOT_SUPPORTED; + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) kdf_alg; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 06b57ad459..d1972995ed 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,7 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5317,15 +5317,15 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, password missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5333,11 +5333,11 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5353,7 +5353,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From 8194285cf1f2d5384f180e26b1924b299a56c09d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 3 May 2023 16:19:16 +0200 Subject: [PATCH 149/483] Fix parsing of authorityCertSerialNumber (use valid tags) Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 5 ++--- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 08874284bc..59a694634d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -674,13 +674,12 @@ static int x509_get_authority_key_id(unsigned char **p, /* Getting authorityCertSerialNumber using the required specific class tag [2] */ if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_INTEGER | - 2)) != 0) { + MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } else { authority_key_id->authorityCertSerialNumber.len = len; authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_OCTET_STRING; + authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; *p += len; } } diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4d89410898..1970b5d699 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1538,7 +1538,7 @@ void x509_crt_parse_authoritykeyid(data_t *buf, /* Serial test */ TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.tag == - MBEDTLS_ASN1_OCTET_STRING); + MBEDTLS_ASN1_INTEGER); TEST_ASSERT(crt.authority_key_id.authorityCertSerialNumber.len == serialLength); } else { TEST_ASSERT(crt.authority_key_id.keyIdentifier.tag == 0); From 746dfaea3f5830b29bfcb9d48707493be7f38cd0 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 4 May 2023 09:14:08 +0200 Subject: [PATCH 150/483] Enable FFDH through PSA if it's enabled in the legacy interface Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index a50f3d5338..d78391ea82 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -672,6 +672,16 @@ extern "C" { #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_DHM_C) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 +#define PSA_WANT_ALG_FFDH 1 +#define PSA_WANT_DH_FAMILY_RFC7919 1 +#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#endif /* MBEDTLS_DHM_C */ + #if defined(MBEDTLS_GCM_C) #define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 #define PSA_WANT_ALG_GCM 1 From b9410e89b4380653836da161b6750e1c5bc3f959 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 18:36:35 +0530 Subject: [PATCH 151/483] Fix failing CI Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++------ library/psa_crypto.c | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bbad0c4af1..bb39131972 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -264,7 +264,9 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ @@ -682,12 +684,12 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -#if defined(MBEDTLS_PKCS5_C) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define PSA_WANT_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -#define PSA_WANT_ALG_PBKDF2_HMAC 1 -#endif /* MBEDTLS_PKCS5_C */ +// #if defined(MBEDTLS_PKCS5_C) +// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +// #define PSA_WANT_ALG_HMAC 1 +// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +// #define PSA_WANT_ALG_PBKDF2_HMAC 1 +// #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2a4ac7b2b5..7262d84b45 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,7 +6471,7 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, prev_salt, prev_salt_length); memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 2488afcd71ce960a0a5636f74ef5c54ca36bde6d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 4 May 2023 10:29:05 +0200 Subject: [PATCH 152/483] Add FFDH alg to test driver extensions Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index ff2abfb372..10d8e6edeb 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -62,6 +62,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_FFDH) +#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#undef MBEDTLS_PSA_ACCEL_ALG_FFDH +#else +#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1 +#endif +#endif + #if defined(PSA_WANT_ALG_MD5) #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) #undef MBEDTLS_PSA_ACCEL_ALG_MD5 From b89440394f8d4424ddd5ce927a7ecc3dac8e5a7e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 28 Apr 2023 14:09:44 +0100 Subject: [PATCH 153/483] bignum_core: Removed input checking for `mbedtls_mpi_core_shift_l` Signed-off-by: Minos Galanakis --- library/bignum_core.c | 5 ----- library/bignum_core.h | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 92a9d558a3..34223ee957 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -362,11 +362,6 @@ void mbedtls_mpi_core_shift_l(mbedtls_mpi_uint *X, size_t limbs, v0 = count / (biL); v1 = count & (biL - 1); - if (v0 > limbs || (v0 == limbs && v1 > 0)) { - memset(X, 0, limbs * ciL); - return; - } - /* * shift by count / limb_size */ diff --git a/library/bignum_core.h b/library/bignum_core.h index 2b11ccaff3..f7194982dc 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -297,7 +297,7 @@ void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs, * \brief Shift an MPI in-place left by a number of bits. * * Shifting by more bits than there are bit positions - * in \p X is valid and results in setting \p X to 0. + * in \p X will produce an unspecified result. * * This function's execution time depends on the value * of \p count (and of course \p limbs). From 2431bfaddc6a07f93fdf4aa84ab476541ebd50ff Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 4 May 2023 15:14:01 +0100 Subject: [PATCH 154/483] Remove most of the doxygen mainpage Since the API docs are now published as part of the larger documentation, it makes no sense to give an overview of Mbed TLS in the mainpage as this is already given elsewhere. Signed-off-by: David Horstmann --- doxygen/input/doc_mainpage.h | 63 ------------------------------------ 1 file changed, 63 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c5bbf2c44e..c040fe0c03 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -28,67 +28,4 @@ * automatically generated from specially formatted comment blocks in * mbed TLS's source code using Doxygen. (See * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen) - * - * mbed TLS has a simple setup: it provides the ingredients for an SSL/TLS - * implementation. These ingredients are listed as modules in the - * \ref mainpage_modules "Modules section". This "Modules section" introduces - * the high-level module concepts used throughout this documentation.\n - * Some examples of mbed TLS usage can be found in the \ref mainpage_examples - * "Examples section". - * - * @section mainpage_modules Modules - * - * mbed TLS supports TLSv1.0 up to TLSv1.2 communication by providing the - * following: - * - TCP/IP communication functions: listen, connect, accept, read/write. - * - SSL/TLS communication functions: init, handshake, read/write. - * - X.509 functions: CRT, CRL and key handling - * - Random number generation - * - Hashing - * - Encryption/decryption - * - * Above functions are split up neatly into logical interfaces. These can be - * used separately to provide any of the above functions or to mix-and-match - * into an SSL server/client solution that utilises a X.509 PKI. Examples of - * such implementations are amply provided with the source code. - * - * Note that mbed TLS does not provide a control channel or (multiple) session - * handling without additional work from the developer. - * - * @section mainpage_examples Examples - * - * Example server setup: - * - * \b Prerequisites: - * - X.509 certificate and private key - * - session handling functions - * - * \b Setup: - * - Load your certificate and your private RSA key (X.509 interface) - * - Setup the listening TCP socket (TCP/IP interface) - * - Accept incoming client connection (TCP/IP interface) - * - Initialise as an SSL-server (SSL/TLS interface) - * - Set parameters, e.g. authentication, ciphers, CA-chain, key exchange - * - Set callback functions RNG, IO, session handling - * - Perform an SSL-handshake (SSL/TLS interface) - * - Read/write data (SSL/TLS interface) - * - Close and cleanup (all interfaces) - * - * Example client setup: - * - * \b Prerequisites: - * - X.509 certificate and private key - * - X.509 trusted CA certificates - * - * \b Setup: - * - Load the trusted CA certificates (X.509 interface) - * - Load your certificate and your private RSA key (X.509 interface) - * - Setup a TCP/IP connection (TCP/IP interface) - * - Initialise as an SSL-client (SSL/TLS interface) - * - Set parameters, e.g. authentication mode, ciphers, CA-chain, session - * - Set callback functions RNG, IO - * - Perform an SSL-handshake (SSL/TLS interface) - * - Verify the server certificate (SSL/TLS interface) - * - Write/read data (SSL/TLS interface) - * - Close and cleanup (all interfaces) */ From 2a82474834270d3165a54c5045aac2d5614c089c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 4 May 2023 15:20:21 +0100 Subject: [PATCH 155/483] Update broken link to doxygen homepage Signed-off-by: David Horstmann --- doxygen/input/doc_mainpage.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c040fe0c03..7fe744e89e 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -27,5 +27,5 @@ * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in * mbed TLS's source code using Doxygen. (See - * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen) + * https://www.doxygen.nl for more information on Doxygen) */ From 89988949aedaf6428bf7f85140543a4bd2c894eb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 4 May 2023 15:22:35 +0100 Subject: [PATCH 156/483] Minor cosmetic changes * Change "source code documentation" to "API documentation" for precision * Change "mbed TLS" to "Mbed TLS" following established convention * Use title case in the title Signed-off-by: David Horstmann --- doxygen/input/doc_mainpage.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 7fe744e89e..4053df807a 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -22,10 +22,10 @@ */ /** - * @mainpage mbed TLS v3.4.0 source code documentation + * @mainpage Mbed TLS v3.4.0 API Documentation * - * This documentation describes the internal structure of mbed TLS. It was + * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in - * mbed TLS's source code using Doxygen. (See + * Mbed TLS's source code using Doxygen. (See * https://www.doxygen.nl for more information on Doxygen) */ From e1621a460a6117f707580bf34691d7afaa366d64 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 5 May 2023 09:53:37 +0200 Subject: [PATCH 157/483] mbedtls_psa_ffdh_generate_key: optimize code and return fixed key size Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index de6cd75a2f..b0591b8366 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -231,24 +231,23 @@ psa_status_t mbedtls_psa_ffdh_generate_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_init(&P); mbedtls_mpi_init(&X); + (void) attributes; - status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, NULL); + status = mbedtls_psa_ffdh_set_prime_generator(key_buffer_size, &P, NULL); - if (status == PSA_SUCCESS) { - /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their - secret exponent from the range [2, P-2]. - Select random value in range [3, P-1] and decrease it by 1. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1)); - - *key_buffer_length = mbedtls_mpi_size(&X); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, - key_buffer_size)); + if (status != PSA_SUCCESS) { + goto cleanup; } + /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their + secret exponent from the range [2, P-2]. + Select random value in range [3, P-1] and decrease it by 1. */ + MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, key_buffer_size)); + *key_buffer_length = key_buffer_size; + cleanup: mbedtls_mpi_free(&P); mbedtls_mpi_free(&X); if (status == PSA_SUCCESS && ret != 0) { From 134cc2e7a8649f7e9b3e1659e7b085c884bab9fc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 5 May 2023 10:13:37 +0200 Subject: [PATCH 158/483] Fix code style Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 53 ++++++++++++++++++++------------------- library/psa_crypto_ffdh.c | 12 ++++----- 2 files changed, 33 insertions(+), 32 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4fe20b47e6..fe73fb6f6d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -136,7 +136,8 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) -static int psa_is_dh_key_size_valid(size_t bits) { +static int psa_is_dh_key_size_valid(size_t bits) +{ if (bits != 2048 && bits != 3072 && bits != 4096 && bits != 6144 && bits != 8192) { return 0; @@ -1430,48 +1431,48 @@ psa_status_t psa_export_public_key_internal( psa_key_type_t type = attributes->core.type; if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && - (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { + (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type))) { /* Exporting public -> public */ return psa_export_key_buffer_internal( key_buffer, key_buffer_size, data, data_size, data_length); } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return mbedtls_psa_rsa_export_public_key(attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_rsa_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length); #else - /* We don't know how to convert a private RSA key to public. */ - return PSA_ERROR_NOT_SUPPORTED; + /* We don't know how to convert a private RSA key to public. */ + return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } else if (PSA_KEY_TYPE_IS_ECC(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return mbedtls_psa_ecp_export_public_key(attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length); + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) + return mbedtls_psa_ecp_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length); #else - /* We don't know how to convert a private ECC key to public */ - return PSA_ERROR_NOT_SUPPORTED; + /* We don't know how to convert a private ECC key to public */ + return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } else if (PSA_KEY_TYPE_IS_DH(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - return mbedtls_psa_export_ffdh_public_key(attributes, - key_buffer, - key_buffer_size, - data, data_size, - data_length); + return mbedtls_psa_export_ffdh_public_key(attributes, + key_buffer, + key_buffer_size, + data, data_size, + data_length); #else return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index b0591b8366..cf5e36db63 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -64,7 +64,7 @@ static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, static const unsigned char dhm_G_8192[] = MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; - switch(key_size) { + switch (key_size) { case sizeof(dhm_P_2048): dhm_P = dhm_P_2048; dhm_G = dhm_G_2048; @@ -148,7 +148,7 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( status = mbedtls_psa_ffdh_set_prime_generator( PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - if(status != PSA_SUCCESS) { + if (status != PSA_SUCCESS) { goto cleanup; } @@ -162,7 +162,7 @@ psa_status_t mbedtls_psa_key_agreement_ffdh( MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); + calculated_shared_secret_size)); *shared_secret_length = calculated_shared_secret_size; @@ -173,7 +173,7 @@ cleanup: mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); mbedtls_mpi_free(&K); - if(status == PSA_SUCCESS && ret != 0) { + if (status == PSA_SUCCESS && ret != 0) { status = mbedtls_to_psa_error(ret); } @@ -199,7 +199,7 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( status = mbedtls_psa_ffdh_set_prime_generator( PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - if(status != PSA_SUCCESS) { + if (status != PSA_SUCCESS) { goto cleanup; } @@ -243,7 +243,7 @@ psa_status_t mbedtls_psa_ffdh_generate_key( secret exponent from the range [2, P-2]. Select random value in range [3, P-1] and decrease it by 1. */ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE)); + MBEDTLS_PSA_RANDOM_STATE)); MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1)); MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, key_buffer_size)); *key_buffer_length = key_buffer_size; From e00954d0eda294dcdf060c5c66168c08982be57a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Apr 2023 15:24:32 +0200 Subject: [PATCH 159/483] pk: store opaque key ID directly in the pk_context structure Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 9 ++++++++- library/pk.c | 17 +++++++---------- library/pk_wrap.c | 24 ++++-------------------- 3 files changed, 19 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index c579661b3f..4934b3e262 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -40,7 +40,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif @@ -234,10 +234,17 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; /** * \brief Public key container + * + * \note The opaque_id is guarded by MBEDTLS_PSA_CRYPTO_C and not + * only by MBEDTLS_USE_PSA_CRYPTO because it can be used also + * in mbedtls_pk_sign_ext for RSA keys. */ typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ +#if defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(opaque_id); /**< Key ID for opaque keys */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/pk.c b/library/pk.c index ae1966bee3..433b65fb0c 100644 --- a/library/pk.c +++ b/library/pk.c @@ -60,6 +60,9 @@ void mbedtls_pk_init(mbedtls_pk_context *ctx) { ctx->pk_info = NULL; ctx->pk_ctx = NULL; +#if defined(MBEDTLS_PSA_CRYPTO_C) + ctx->opaque_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_PSA_CRYPTO_C */ } /* @@ -71,7 +74,7 @@ void mbedtls_pk_free(mbedtls_pk_context *ctx) return; } - if (ctx->pk_info != NULL) { + if ((ctx->pk_info != NULL) && (ctx->pk_info->ctx_free_func != NULL)) { ctx->pk_info->ctx_free_func(ctx->pk_ctx); } @@ -140,7 +143,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) { + if ((info->ctx_alloc_func == NULL) || + ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } @@ -158,7 +162,6 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, { const mbedtls_pk_info_t *info = NULL; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t *pk_ctx; psa_key_type_t type; if (ctx == NULL || ctx->pk_info != NULL) { @@ -179,14 +182,8 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } - if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) { - return MBEDTLS_ERR_PK_ALLOC_FAILED; - } - ctx->pk_info = info; - - pk_ctx = (mbedtls_svc_key_id_t *) ctx->pk_ctx; - *pk_ctx = key; + ctx->opaque_id = key; return 0; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 6c9f97bfe0..c3dea5309f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1503,22 +1503,6 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - -static void *pk_opaque_alloc_wrap(void) -{ - void *ctx = mbedtls_calloc(1, sizeof(mbedtls_svc_key_id_t)); - - /* no _init() function to call, as calloc() already zeroized */ - - return ctx; -} - -static void pk_opaque_free_wrap(void *ctx) -{ - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_svc_key_id_t)); - mbedtls_free(ctx); -} - static size_t pk_opaque_get_bitlen(mbedtls_pk_context *pk) { const mbedtls_svc_key_id_t *key = pk->pk_ctx; @@ -1635,8 +1619,8 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { NULL, /* decrypt - not relevant */ NULL, /* encrypt - not relevant */ NULL, /* check_pair - could be done later or left NULL */ - pk_opaque_alloc_wrap, - pk_opaque_free_wrap, + NULL, /* alloc - no need to allocate new data dynamically */ + NULL, /* free - as for the alloc, there is no data to free */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, /* restart alloc - not relevant */ NULL, /* restart free - not relevant */ @@ -1687,8 +1671,8 @@ const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = { #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ NULL, /* encrypt - will be done later */ NULL, /* check_pair - could be done later or left NULL */ - pk_opaque_alloc_wrap, - pk_opaque_free_wrap, + NULL, /* alloc - no need to allocate new data dynamically */ + NULL, /* free - as for the alloc, there is no data to free */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, /* restart alloc - not relevant */ NULL, /* restart free - not relevant */ From 048cd44f7730f8f44e508ec2898dbb2ace5534d3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Apr 2023 15:26:11 +0200 Subject: [PATCH 160/483] pk: fix library code for using the new opaque key solution Signed-off-by: Valerio Setti --- library/pk.c | 6 ++---- library/pk_wrap.c | 11 ++++------- library/pkwrite.c | 11 ++++++----- library/ssl_tls12_server.c | 3 +-- tests/src/test_helpers/ssl_helpers.c | 3 +-- 5 files changed, 14 insertions(+), 20 deletions(-) diff --git a/library/pk.c b/library/pk.c index 433b65fb0c..bd6bf98b2d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -312,12 +312,11 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, return (key_usage & usage) == usage; } - const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t key_alg, key_alg2; psa_status_t status; - status = psa_get_key_attributes(*key, &attributes); + status = psa_get_key_attributes(ctx->opaque_id, &attributes); if (status != PSA_SUCCESS) { return 0; } @@ -698,10 +697,9 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { - const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx; psa_status_t status; - status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg), + status = psa_sign_hash(ctx->opaque_id, PSA_ALG_RSA_PSS(psa_md_alg), hash, hash_len, sig, sig_size, sig_len); return PSA_PK_RSA_TO_MBEDTLS_ERR(status); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c3dea5309f..d9366c149f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1505,11 +1505,10 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #if defined(MBEDTLS_USE_PSA_CRYPTO) static size_t pk_opaque_get_bitlen(mbedtls_pk_context *pk) { - const mbedtls_svc_key_id_t *key = pk->pk_ctx; size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) { + if (PSA_SUCCESS != psa_get_key_attributes(pk->opaque_id, &attributes)) { return 0; } @@ -1547,7 +1546,6 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ((void) p_rng); return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; #else /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */ - const mbedtls_svc_key_id_t *key = pk->pk_ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_key_type_t type; @@ -1557,7 +1555,7 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, (void) f_rng; (void) p_rng; - status = psa_get_key_attributes(*key, &attributes); + status = psa_get_key_attributes(pk->opaque_id, &attributes); if (status != PSA_SUCCESS) { return PSA_PK_TO_MBEDTLS_ERR(status); } @@ -1578,7 +1576,7 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; /* make the signature */ - status = psa_sign_hash(*key, alg, hash, hash_len, + status = psa_sign_hash(pk->opaque_id, alg, hash, hash_len, sig, sig_size, sig_len); if (status != PSA_SUCCESS) { #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) @@ -1634,14 +1632,13 @@ static int pk_opaque_rsa_decrypt(mbedtls_pk_context *pk, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - const mbedtls_svc_key_id_t *key = pk->pk_ctx; psa_status_t status; /* PSA has its own RNG */ (void) f_rng; (void) p_rng; - status = psa_asymmetric_decrypt(*key, PSA_ALG_RSA_PKCS1V15_CRYPT, + status = psa_asymmetric_decrypt(pk->opaque_id, PSA_ALG_RSA_PKCS1V15_CRYPT, input, ilen, NULL, 0, output, osize, olen); diff --git a/library/pkwrite.c b/library/pkwrite.c index b83a13e0a6..e62ad5432a 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -188,14 +188,13 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { size_t buffer_size; - mbedtls_svc_key_id_t *key_id = (mbedtls_svc_key_id_t *) key->pk_ctx; if (*p < start) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } buffer_size = (size_t) (*p - start); - if (psa_export_public_key(*key_id, start, buffer_size, &len) + if (psa_export_public_key(key->opaque_id, start, buffer_size, &len) != PSA_SUCCESS) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } else { @@ -254,9 +253,11 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - mbedtls_svc_key_id_t key_id; - key_id = *((mbedtls_svc_key_id_t *) key->pk_ctx); - if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) { + psa_ecc_family_t curve; + size_t bits; + + if (PSA_SUCCESS != psa_get_key_attributes(key->opaque_id, + &attributes)) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } key_type = psa_get_key_type(&attributes); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 42f5fe92b4..3025725b0c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2614,8 +2614,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - ssl->handshake->ecdh_psa_privkey = - *((mbedtls_svc_key_id_t *) pk->pk_ctx); + ssl->handshake->ecdh_psa_privkey = pk->opaque_id; /* Key should not be destroyed in the TLS library */ ssl->handshake->ecdh_psa_privkey_is_external = 1; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index e79d152b6f..23f5977c3b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -595,8 +595,7 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) if (cert->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx; - psa_destroy_key(*key_slot); + psa_destroy_key(cert->pkey->opaque_id); } #endif mbedtls_pk_free(cert->pkey); From 4f387ef277eab7dd43f85a03f2caa2e8096f97a3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 May 2023 14:15:59 +0200 Subject: [PATCH 161/483] pk: use better naming for the new key ID field Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 4 ++-- library/pk.c | 8 ++++---- library/pk_wrap.c | 8 ++++---- library/pkwrite.c | 4 ++-- library/ssl_tls12_server.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 4934b3e262..dae61da844 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -235,7 +235,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; /** * \brief Public key container * - * \note The opaque_id is guarded by MBEDTLS_PSA_CRYPTO_C and not + * \note The priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not * only by MBEDTLS_USE_PSA_CRYPTO because it can be used also * in mbedtls_pk_sign_ext for RSA keys. */ @@ -243,7 +243,7 @@ typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ #if defined(MBEDTLS_PSA_CRYPTO_C) - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(opaque_id); /**< Key ID for opaque keys */ + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ #endif /* MBEDTLS_PSA_CRYPTO_C */ } mbedtls_pk_context; diff --git a/library/pk.c b/library/pk.c index bd6bf98b2d..71ab60d54c 100644 --- a/library/pk.c +++ b/library/pk.c @@ -61,7 +61,7 @@ void mbedtls_pk_init(mbedtls_pk_context *ctx) ctx->pk_info = NULL; ctx->pk_ctx = NULL; #if defined(MBEDTLS_PSA_CRYPTO_C) - ctx->opaque_id = MBEDTLS_SVC_KEY_ID_INIT; + ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_PSA_CRYPTO_C */ } @@ -183,7 +183,7 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, } ctx->pk_info = info; - ctx->opaque_id = key; + ctx->priv_id = key; return 0; } @@ -316,7 +316,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, psa_algorithm_t key_alg, key_alg2; psa_status_t status; - status = psa_get_key_attributes(ctx->opaque_id, &attributes); + status = psa_get_key_attributes(ctx->priv_id, &attributes); if (status != PSA_SUCCESS) { return 0; } @@ -699,7 +699,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { psa_status_t status; - status = psa_sign_hash(ctx->opaque_id, PSA_ALG_RSA_PSS(psa_md_alg), + status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg), hash, hash_len, sig, sig_size, sig_len); return PSA_PK_RSA_TO_MBEDTLS_ERR(status); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index d9366c149f..0e5e12049a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1508,7 +1508,7 @@ static size_t pk_opaque_get_bitlen(mbedtls_pk_context *pk) size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - if (PSA_SUCCESS != psa_get_key_attributes(pk->opaque_id, &attributes)) { + if (PSA_SUCCESS != psa_get_key_attributes(pk->priv_id, &attributes)) { return 0; } @@ -1555,7 +1555,7 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, (void) f_rng; (void) p_rng; - status = psa_get_key_attributes(pk->opaque_id, &attributes); + status = psa_get_key_attributes(pk->priv_id, &attributes); if (status != PSA_SUCCESS) { return PSA_PK_TO_MBEDTLS_ERR(status); } @@ -1576,7 +1576,7 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; /* make the signature */ - status = psa_sign_hash(pk->opaque_id, alg, hash, hash_len, + status = psa_sign_hash(pk->priv_id, alg, hash, hash_len, sig, sig_size, sig_len); if (status != PSA_SUCCESS) { #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) @@ -1638,7 +1638,7 @@ static int pk_opaque_rsa_decrypt(mbedtls_pk_context *pk, (void) f_rng; (void) p_rng; - status = psa_asymmetric_decrypt(pk->opaque_id, PSA_ALG_RSA_PKCS1V15_CRYPT, + status = psa_asymmetric_decrypt(pk->priv_id, PSA_ALG_RSA_PKCS1V15_CRYPT, input, ilen, NULL, 0, output, osize, olen); diff --git a/library/pkwrite.c b/library/pkwrite.c index e62ad5432a..4bb9ac15fb 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -194,7 +194,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, } buffer_size = (size_t) (*p - start); - if (psa_export_public_key(key->opaque_id, start, buffer_size, &len) + if (psa_export_public_key(key->priv_id, start, buffer_size, &len) != PSA_SUCCESS) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } else { @@ -256,7 +256,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu psa_ecc_family_t curve; size_t bits; - if (PSA_SUCCESS != psa_get_key_attributes(key->opaque_id, + if (PSA_SUCCESS != psa_get_key_attributes(key->priv_id, &attributes)) { return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3025725b0c..ac6c10d419 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2614,7 +2614,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - ssl->handshake->ecdh_psa_privkey = pk->opaque_id; + ssl->handshake->ecdh_psa_privkey = pk->priv_id; /* Key should not be destroyed in the TLS library */ ssl->handshake->ecdh_psa_privkey_is_external = 1; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 23f5977c3b..fbf9ea5c89 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -595,7 +595,7 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) if (cert->pkey != NULL) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) { - psa_destroy_key(cert->pkey->opaque_id); + psa_destroy_key(cert->pkey->priv_id); } #endif mbedtls_pk_free(cert->pkey); From 484a9e138fd668e95b51ee300dae441ed2fb454d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 5 May 2023 17:03:29 +0800 Subject: [PATCH 162/483] Remove `delay milliseconds` test Signed-off-by: Jerry Yu --- tests/suites/test_suite_platform.data | 3 --- tests/suites/test_suite_platform.function | 7 +++++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data index 39b423f3dd..4276b8fb77 100644 --- a/tests/suites/test_suite_platform.data +++ b/tests/suites/test_suite_platform.data @@ -4,6 +4,3 @@ time_get_milliseconds: Time: get seconds time_get_seconds: - -Time: delay milliseconds -time_delay_milliseconds:1000 diff --git a/tests/suites/test_suite_platform.function b/tests/suites/test_suite_platform.function index 7453c32c9c..6ae1026780 100644 --- a/tests/suites/test_suite_platform.function +++ b/tests/suites/test_suite_platform.function @@ -64,6 +64,13 @@ void time_delay_milliseconds(int delay_ms) mbedtls_ms_time_t current = mbedtls_ms_time(); mbedtls_ms_time_t elapsed_ms; + /* + * WARNING: DO NOT ENABLE THIS TEST. We keep the code here to document the + * reason. + * + * Windows CI reports random test fail on platform-suite. It might + * be caused by this case. + */ sleep_ms(delay_ms); elapsed_ms = mbedtls_ms_time() - current; From fc90decb7484d2a54016e4b4ef6f4ef279c7bfa6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 May 2023 12:30:40 +0200 Subject: [PATCH 163/483] pkwrite: removing unused/duplicated variables Signed-off-by: Valerio Setti --- library/pkwrite.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 4bb9ac15fb..88729534da 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -253,8 +253,6 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - psa_ecc_family_t curve; - size_t bits; if (PSA_SUCCESS != psa_get_key_attributes(key->priv_id, &attributes)) { From 92da2a79aac0aff9fe80e0ec8ec598a8a34a6102 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 May 2023 12:31:23 +0200 Subject: [PATCH 164/483] pk: improve description for the next opaque ID field Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index dae61da844..8d6d60f877 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -236,7 +236,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; * \brief Public key container * * \note The priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not - * only by MBEDTLS_USE_PSA_CRYPTO because it can be used also + * by MBEDTLS_USE_PSA_CRYPTO because it can be used also * in mbedtls_pk_sign_ext for RSA keys. */ typedef struct mbedtls_pk_context { From 837d2d1c5e33bbe6b696290d9a4223e303a3ea12 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 5 May 2023 12:33:46 +0200 Subject: [PATCH 165/483] mbedtls_psa_export_ffdh_public_key: return fixed key size Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index cf5e36db63..6e34eaa54f 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -192,12 +192,12 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GX, G, X, P; + (void) attributes; mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); - status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + status = mbedtls_psa_ffdh_set_prime_generator(data_size, &P, &G); if (status != PSA_SUCCESS) { goto cleanup; @@ -209,7 +209,7 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL)); MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size)); - *data_length = mbedtls_mpi_size(&GX); + *data_length = data_size; ret = 0; cleanup: From 908f40014cd07e0ab69021df07b07cecfe375511 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 5 May 2023 15:09:24 +0200 Subject: [PATCH 166/483] Determine special cases in-place in the common Koblitz function Remove parameter used by the special cases and check for special cases in-place. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 57 ++++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 26 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index e7ccd41b34..3f2b798f22 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5519,6 +5519,7 @@ cleanup: #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + /* * Fast quasi-reduction modulo P = 2^s - R, * with R about 33 bits, used by the Koblitz curves. @@ -5531,50 +5532,61 @@ cleanup: static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, size_t X_limbs, mbedtls_mpi_uint *R, - size_t P_limbs, - size_t adjust, - size_t shift, - mbedtls_mpi_uint mask) + size_t bits) { int ret = 0; - size_t A1_limbs = X_limbs - (P_limbs - adjust); - if (A1_limbs > P_limbs + adjust) { - A1_limbs = P_limbs + adjust; - } - mbedtls_mpi_uint *A1 = mbedtls_calloc(A1_limbs, ciL); + /* Determine if A1 is aligned to limb bitsize. If not then the used limbs + * of P, A0 and A1 must be set accordingly and there is a middle limb + * which is shared by A0 and A1 and need to handle accordingly. + */ + size_t shift = bits % biL; + size_t adjust = (shift + biL - 1) / biL; + size_t P_limbs = bits / biL + adjust; + + mbedtls_mpi_uint *A1 = mbedtls_calloc(P_limbs, ciL); if (A1 == NULL) { return MBEDTLS_ERR_ECP_ALLOC_FAILED; } + /* Create a buffer to store the value of `R * A1` */ size_t R_limbs = P_KOBLITZ_R; - size_t M_limbs = A1_limbs + R_limbs; + size_t M_limbs = P_limbs + R_limbs; mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); if (M == NULL) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } + mbedtls_mpi_uint mask = 0; + if (adjust != 0) { + mask = ((mbedtls_mpi_uint) 1 << shift) - 1; + } + for (size_t pass = 0; pass < 2; pass++) { /* Copy A1 */ - memcpy(A1, X + P_limbs - adjust, A1_limbs * ciL); + memcpy(A1, X + P_limbs - adjust, P_limbs * ciL); + + /* Shift A1 to be aligned */ if (shift != 0) { - mbedtls_mpi_core_shift_r(A1, A1_limbs, shift); + mbedtls_mpi_core_shift_r(A1, P_limbs, shift); } - /* X = A0 */ + /* Zeroize the A1 part of the shared limb */ if (mask != 0) { X[P_limbs - 1] &= mask; } - /* Zeroize the A1 part of X to keep only the A0 part */ + /* X = A0 + * Zeroize the A1 part of X to keep only the A0 part. + */ for (size_t i = P_limbs; i < X_limbs; i++) { X[i] = 0; } /* X = A0 + R * A1 */ - mbedtls_mpi_core_mul(M, A1, A1_limbs, R, R_limbs); - (void) mbedtls_mpi_core_add(X, X, M, A1_limbs + R_limbs); + mbedtls_mpi_core_mul(M, A1, P_limbs, R, R_limbs); + (void) mbedtls_mpi_core_add(X, X, M, P_limbs + R_limbs); /* Carry can not be generated since R is a 33-bit value and stored in * 64 bits. The result value of the multiplication is at most @@ -5620,8 +5632,7 @@ int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N) 0x00) }; - return ecp_mod_koblitz(N->p, N->n, Rp, - 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); + return ecp_mod_koblitz(N->p, N->n, Rp, 192); } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ @@ -5651,12 +5662,7 @@ int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N) 0x00) }; -#if defined(MBEDTLS_HAVE_INT64) - return ecp_mod_koblitz(N->p, N->n, Rp, 4, 1, 32, 0xFFFFFFFF); -#else - return ecp_mod_koblitz(N->p, N->n, Rp, - 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); -#endif + return ecp_mod_koblitz(N->p, N->n, Rp, 224); } #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ @@ -5685,8 +5691,7 @@ int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N) MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; - return ecp_mod_koblitz(N->p, N->n, Rp, - 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0); + return ecp_mod_koblitz(N->p, N->n, Rp, 256); } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ From 9bf1aaf385c3bb817fd94a1998911fba14b625dc Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Fri, 5 May 2023 16:32:28 +0200 Subject: [PATCH 167/483] Fix input parameter alignment in P256K1 test cases Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index b7b66e4181..5d0de26541 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -672,8 +672,7 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, @property def arg_a(self) -> str: - hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) - return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) + return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) def result(self) -> List[str]: result = self.int_a % self.int_n From 8beb25041e302df37135810ee3e3f4f42f4d2b9b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 6 May 2023 11:55:22 +0800 Subject: [PATCH 168/483] fix wrong target detection For mingw with `-std=c99`, WIN32 is not defined. Signed-off-by: Jerry Yu --- tests/suites/test_suite_platform.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_platform.function b/tests/suites/test_suite_platform.function index 6ae1026780..61681b8789 100644 --- a/tests/suites/test_suite_platform.function +++ b/tests/suites/test_suite_platform.function @@ -10,7 +10,8 @@ #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" -#ifdef WIN32 +#if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \ + defined(__MINGW32__) || defined(_WIN64) #include #elif _POSIX_C_SOURCE >= 199309L #include @@ -19,7 +20,8 @@ #endif void sleep_ms(int milliseconds) { -#ifdef WIN32 +#if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \ + defined(__MINGW32__) || defined(_WIN64) Sleep(milliseconds); #elif _POSIX_C_SOURCE >= 199309L struct timespec ts; From 4837e9d1c0ffa07d6a74da998aa42bb37b2c4064 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 7 May 2023 20:27:13 +0200 Subject: [PATCH 169/483] Correct comment about mbedtls error codes Signed-off-by: Gilles Peskine --- include/mbedtls/psa_util.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 32d20b5e5d..f7ed2ebfee 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -348,8 +348,8 @@ typedef struct { /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */ int16_t psa_status; /* Error codes used by Mbed TLS are in one of the ranges - * -127..-1 (low-level) or (-128) * (128..511) (high-level), - * fitting in 16 bits. */ + * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level + * code optionally added), fitting in 16 bits. */ int16_t mbedtls_error; } mbedtls_error_pair_t; From ed9fb78739bc798873f31975b963f40310b003ac Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 3 May 2023 16:27:25 +0200 Subject: [PATCH 170/483] Fix parsing of KeyIdentifier (tag length error case) + test Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 47 +++++++++++++------------- tests/suites/test_suite_x509parse.data | 4 +++ 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 59a694634d..c6d73588e5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -641,10 +641,13 @@ static int x509_get_authority_key_id(unsigned char **p, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { - /* KeyIdentifier is an OPTIONAL field */ - } else { + ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC); + + /* KeyIdentifier is an OPTIONAL field */ + if (ret != 0 && ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } else if (ret == 0) { authority_key_id->keyIdentifier.len = len; authority_key_id->keyIdentifier.p = *p; /* Setting tag of the keyIdentfier intentionally to 0x04. @@ -663,26 +666,24 @@ static int x509_get_authority_key_id(unsigned char **p, /* authorityCertIssuer and authorityCertSerialNumber MUST both be present or both be absent. At this point we expect to have both. */ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else { - /* "end" also includes the CertSerialNumber field so "len" shall be used */ - ret = mbedtls_x509_get_subject_alt_name_ext(p, - (*p+len), - &authority_key_id->authorityCertIssuer); - if (ret != 0) { - return ret; - } - - /* Getting authorityCertSerialNumber using the required specific class tag [2] */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else { - authority_key_id->authorityCertSerialNumber.len = len; - authority_key_id->authorityCertSerialNumber.p = *p; - authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; - *p += len; - } } + /* "end" also includes the CertSerialNumber field so "len" shall be used */ + ret = mbedtls_x509_get_subject_alt_name_ext(p, + (*p+len), + &authority_key_id->authorityCertIssuer); + if (ret != 0) { + return ret; + } + + /* Getting authorityCertSerialNumber using the required specific class tag [2] */ + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } + authority_key_id->authorityCertSerialNumber.len = len; + authority_key_id->authorityCertSerialNumber.p = *p; + authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; + *p += len; } if (*p != end) { diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 70f1e6edfb..3075667a45 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3190,6 +3190,10 @@ X509 CRT parse Authority Key Id - Wrong KeyId Tag depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a0014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 CRT parse Authority Key Id - Wrong KeyId Tag Length +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"3082039F30820287A00302010202142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B0500303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C2054657374204341301E170D3233303530363138333231315A170D3433303530313138333231315A303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100C14DA3DDE7CD1DD104D74972B899AC0E78E43A3C4ACF3A1316D05AE4CDA30088A7EE1E6B96A752B490EF2D727A3E249AFCB634AC24F577E026648C9CB0287DA1DAEA8CE6C91C96BCFEC10452B336D4A3FAE1B176D890C161B4665236A22653AAAB745E077D1982DB2AD81FA0D90D1C2D4966F75B257346E80B8A4F690CB50090E1DA8210667DAE542B8B657991A1E261C3CD404908EE680CF18B86D246BFD0B8AA11031E7F56A81A1E44180F0F858BDA8B445EE218C6622FC7668DFA5DD87DF327892901C5900E3F27F130C84A0EEFD6DEC7C7276BC7053D7AC4023C9A1D3E0FE834985BCB734B5296D811A22C808869395AD30FB0DE592F11C7F7EA120130970203010001A3819A308197301D0603551D0E04160414A505E864B8DCDF600F50124D60A864AF4D8B439330760603551D23046F306D80FFA505E864B8DCDF600F50124D60A864AF4D8B4393A13FA43D303B310B3009060355040613024E4C3111300F060355040B0C08506F6C617253534C3119301706035504030C10506F6C617253534C205465737420434182142121EA5121F25E38DF2697F6851A9B43490DE495300D06092A864886F70D01010B05000382010100409122DCB6D31ABA0B65F2DD7A590F30E43864F9293B889223BF320177D24B50EE202D5A88406BE68D2BD0047B72016376F64D0420BE1D639159E9B54666587434966364EF855B37155D5891C68A02D90E44206F27C7D78DE2E3BF5373521F8BBA8390151814004D099D2B46080A9E0C467B1E0D8B93BAC1E1B3AE4FD20FD83E285BA7168DC81D80B468AEB21D645490F0B87A65DDE17DAD1AF46EDF9126565592291FE159434A9D93DFFFA65F658C6DBCD02D56E591CD4B9390878288B890497E56998C845D3ED4145DAAD6A16556C2FDEAE780BE297531842B2A565824BD85128D4E459B0F370DBEC9E190FABA7D88C1514B3B6935F421B4FBC393D733A785":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH + X509 CRT parse Authority Key Id - Wrong Issuer Tag 1 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff003fa43d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG From 67d3f526172611e793d34e93bdc77bd134c15cd1 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sat, 6 May 2023 21:14:12 +0200 Subject: [PATCH 171/483] Use int instead uint in test function arguments Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.function | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 1970b5d699..67b6c87e15 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1474,8 +1474,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_crt_parse_subjectkeyid(data_t *buf, unsigned int subjectKeyIdLength, int ref_ret) +void x509_crt_parse_subjectkeyid(data_t *buf, int subjectKeyIdLength_arg, int ref_ret) { + size_t subjectKeyIdLength = subjectKeyIdLength_arg; mbedtls_x509_crt crt; mbedtls_x509_crt_init(&crt); @@ -1497,14 +1498,16 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509_crt_parse_authoritykeyid(data_t *buf, - unsigned int keyIdLength, + int keyIdLength_arg, char *authorityKeyId_issuer, - unsigned int serialLength, + int serialLength_arg, int ref_ret) { mbedtls_x509_crt crt; int bufferCounter = 0; size_t issuerCounter = 0; + size_t keyIdLength = keyIdLength_arg; + size_t serialLength = serialLength_arg; unsigned int result = 0; mbedtls_x509_subject_alternative_name san; mbedtls_x509_name *pname = NULL; From 61aed064c5e3f382a252c91bd33ef837f091596b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 8 May 2023 11:14:36 +0200 Subject: [PATCH 172/483] Code optimization Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c6d73588e5..9c7663c6fd 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -601,13 +601,13 @@ static int x509_get_subject_key_id(unsigned char **p, if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else { - subject_key_id->len = len; - subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; - subject_key_id->p = *p; - *p += len; } + subject_key_id->len = len; + subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; + subject_key_id->p = *p; + *p += len; + if (*p != end) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); @@ -645,9 +645,7 @@ static int x509_get_authority_key_id(unsigned char **p, MBEDTLS_ASN1_CONTEXT_SPECIFIC); /* KeyIdentifier is an OPTIONAL field */ - if (ret != 0 && ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); - } else if (ret == 0) { + if (ret == 0) { authority_key_id->keyIdentifier.len = len; authority_key_id->keyIdentifier.p = *p; /* Setting tag of the keyIdentfier intentionally to 0x04. @@ -656,6 +654,8 @@ static int x509_get_authority_key_id(unsigned char **p, authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; *p += len; + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } if (*p < end) { From 6731a2580c30139683fddb818493ace0be17d7f1 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:54:54 +0530 Subject: [PATCH 173/483] Remove redundant code in key_derivation_abort() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7262d84b45..0373f38098 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5096,9 +5096,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - if (operation->ctx.pbkdf2.input_cost != 0U) { - operation->ctx.pbkdf2.input_cost = 0U; - } if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); From d0422f30c586bc197be1dce278ec4cceb7de6450 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:56:19 +0530 Subject: [PATCH 174/483] Enable empty salt as input for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0373f38098..59169d504c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6449,31 +6449,27 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (data_length != 0) { - if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { - pbkdf2->salt = mbedtls_calloc(1, data_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, data, data_length); - pbkdf2->salt_length = data_length; - } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); - pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; } - } else { - return PSA_ERROR_INVALID_ARGUMENT; + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 3fc4ca727263c070fe629acb94887beafaf3b20b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:57:41 +0530 Subject: [PATCH 175/483] Limit max input cost to 32bit Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index d2cf4df972..5d01f6c583 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - uint64_t MBEDTLS_PRIVATE(input_cost); + size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t *MBEDTLS_PRIVATE(password); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 59169d504c..af4ab65159 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6423,11 +6423,11 @@ static psa_status_t psa_pbkdf2_set_input_cost( if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { return PSA_ERROR_BAD_STATE; } -#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } -#endif + if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } From 9016bc4ed26f54d08c5e22ec0f8514cdc93fe0f9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 16:04:05 +0530 Subject: [PATCH 176/483] Clean up commented code Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bb39131972..43a499f4e3 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -684,13 +684,6 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -// #if defined(MBEDTLS_PKCS5_C) -// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -// #define PSA_WANT_ALG_HMAC 1 -// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -// #define PSA_WANT_ALG_PBKDF2_HMAC 1 -// #endif /* MBEDTLS_PKCS5_C */ - #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From eb2c39ed2bc6a126ae7bdb6eab0457ebd6a32cfc Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 9 May 2023 02:15:58 +0000 Subject: [PATCH 177/483] Install cryptography only on linux platform Signed-off-by: Pengyu Lv --- scripts/ci.requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index ac9c25acf4..3ddc417051 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -14,4 +14,5 @@ mypy >= 0.780 # Install cryptography to avoid import-error reported by pylint. # What we really need is cryptography >= 35.0.0, which is only # available for Python >= 3.6. -cryptography # >= 35.0.0 +cryptography >= 35.0.0; sys_platform == 'linux' and python_version >= '3.6' +cryptography; sys_platform == 'linux' and python_version < '3.6' From 4dfa368681c781282aa22e4bf3db56a12d79d3f4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 26 Nov 2021 17:58:05 +0000 Subject: [PATCH 178/483] Fix demo scripts for out-of-tree builds Allow demo scripts to be run from the build directory for out-of-tree builds. If the executable is not found in the source tree then search in the current directory in case the script is being run from a build directory. Signed-off-by: David Horstmann --- programs/psa/key_ladder_demo.sh | 20 +++++++++++++++++++- programs/test/dlopen_demo.sh | 23 ++++++++++++++++++++++- 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 67de085379..e21d1abf03 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -17,9 +17,27 @@ set -e -u -program="${0%/*}"/key_ladder_demo +program_name="key_ladder_demo" +program="${0%/*}/$program_name" files_to_clean= +if [ ! -e "$program" ]; then + # Look for programs in the current directory and the directories above it + for dir in "." ".." "../.."; do + program="$dir/programs/psa/$program_name" + if [ -e "$program" ]; then + break + fi + done + if [ ! -e "$program" ]; then + echo "Could not find $program_name executable" + + echo "If building out-of-tree, this script must be run" \ + "from the project build directory." + exit 1 + fi +fi + run () { echo echo "# $1" diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index 2dde3ebeda..a6a9022fc8 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -20,8 +20,29 @@ set -e -u +program_name="dlopen" program_dir="${0%/*}" -program="$program_dir/dlopen" +program="$program_dir/$program_name" + +if [ ! -e "$program" ]; then + # Look for programs in the current directory and the directories above it + for dir in "." ".." "../.."; do + program_dir="$dir/programs/test" + program="$program_dir/$program_name" + if [ -e "$program" ]; then + break + fi + done + if [ ! -e "$program" ]; then + echo "Could not find $program_name program" + + echo "Make sure that Mbed TLS is built as a shared library." \ + "If building out-of-tree, this script must be run" \ + "from the project build directory." + exit 1 + fi +fi + top_dir="$program_dir/../.." library_dir="$top_dir/library" From 6a89a04ffe3b63c40cefaa1f46152e4fda4a1fa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 May 2023 20:11:51 +0200 Subject: [PATCH 179/483] Use if statement for post_build control flow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- .readthedocs.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 104ef7674a..a98bec72f6 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -15,8 +15,10 @@ build: - make apidoc - breathe-apidoc -o docs/api apidoc/xml post_build: - - '[ "$READTHEDOCS_VERSION" != "development" ] || "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml' - + - | + if [ "$READTHEDOCS_VERSION" = "development" ]; then + "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml + fi # Build documentation in the docs/ directory with Sphinx sphinx: From 09f8df86ac44ebe8b58ea3a78f222a4f9d3fc899 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 May 2023 20:47:49 +0200 Subject: [PATCH 180/483] Reword the API token explanation in redirects.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- docs/redirects.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/redirects.yaml b/docs/redirects.yaml index c3a13f302c..7ea1d95504 100644 --- a/docs/redirects.yaml +++ b/docs/redirects.yaml @@ -1,9 +1,10 @@ # Readthedocs redirects # See https://docs.readthedocs.io/en/stable/user-defined-redirects.html # -# In order to prevent exposing the API token, PR jobs do not update the -# redirects - changes to this file are only applied when they are merged -# into the main branch. +# Changes to this file do not take effect until they are merged into the +# 'development' branch. This is because the API token (RTD_TOKEN) is not +# made available in PR jobs - preventing bad actors from crafting PRs to +# expose it. - type: exact from_url: /projects/api/en/latest/$rest From e245c0c734f034c281c9c0d5d58fe94df711db2c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 28 Apr 2023 10:46:18 +0800 Subject: [PATCH 181/483] cert_audit: Support parsing file with multiple PEMs Previously, if a file had multiple PEM objects, only the first one would be parsed. This commit add the support so that we could parse all the PEM objects in the file. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 1ccfc2188f..d6e73fffb8 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -90,7 +90,7 @@ class AuditData: class X509Parser: """A parser class to parse crt/crl/csr file or data in PEM/DER format.""" - PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n(?P.*?)-{5}END (?P=type)-{5}\n' + PEM_REGEX = br'-{5}BEGIN (?P.*?)-{5}(?P.*?)-{5}END (?P=type)-{5}' PEM_TAG_REGEX = br'-{5}BEGIN (?P.*?)-{5}\n' PEM_TAGS = { DataType.CRT: 'CERTIFICATE', @@ -277,12 +277,15 @@ class TestDataAuditor(Auditor): """ with open(filename, 'rb') as f: data = f.read() - result = self.parse_bytes(data) - if result is not None: - result.location = filename - return [result] - else: - return [] + + results = [] + for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): + result = self.parse_bytes(data[m.start():m.end()]) + if result is not None: + result.location = "{}#{}".format(filename, idx) + results.append(result) + + return results def parse_suite_data(data_f): From fe13bd3d0e1f4deac7462c62970f6591f0988174 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 28 Apr 2023 10:58:38 +0800 Subject: [PATCH 182/483] cert_audit: Merge audit_data for identical X.509 objects Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 41 ++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index d6e73fffb8..5729ee9886 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -65,8 +65,13 @@ class AuditData: #pylint: disable=too-few-public-methods def __init__(self, data_type: DataType, x509_obj): self.data_type = data_type - self.location = "" + # the locations that the x509 object could be found + self.locations = [] # type: typing.List[str] self.fill_validity_duration(x509_obj) + self._obj = x509_obj + + def __eq__(self, __value) -> bool: + return self._obj == __value._obj def fill_validity_duration(self, x509_obj): """Read validity period from an X.509 object.""" @@ -282,7 +287,7 @@ class TestDataAuditor(Auditor): for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): result = self.parse_bytes(data[m.start():m.end()]) if result is not None: - result.location = "{}#{}".format(filename, idx) + result.locations.append("{}#{}".format(filename, idx)) results.append(result) return results @@ -342,20 +347,38 @@ class SuiteDataAuditor(Auditor): audit_data = self.parse_bytes(bytes.fromhex(match.group('data'))) if audit_data is None: continue - audit_data.location = "{}:{}:#{}".format(filename, - data_f.line_no, - idx + 1) + audit_data.locations.append("{}:{}:#{}".format(filename, + data_f.line_no, + idx + 1)) audit_data_list.append(audit_data) return audit_data_list +def merge_auditdata(original: typing.List[AuditData]) \ + -> typing.List[AuditData]: + """ + Multiple AuditData might be extracted from different locations for + an identical X.509 object. Merge them into one entry in the list. + """ + results = [] + for x in original: + if x not in results: + results.append(x) + else: + idx = results.index(x) + results[idx].locations.extend(x.locations) + return results + + def list_all(audit_data: AuditData): - print("{}\t{}\t{}\t{}".format( + print("{:20}\t{:20}\t{:3}\t{}".format( audit_data.not_valid_before.isoformat(timespec='seconds'), audit_data.not_valid_after.isoformat(timespec='seconds'), audit_data.data_type.name, - audit_data.location)) + audit_data.locations[0])) + for loc in audit_data.locations[1:]: + print("{:20}\t{:20}\t{:3}\t{}".format('', '', '', loc)) def configure_logger(logger: logging.Logger) -> None: @@ -455,6 +478,10 @@ def main(): sd_auditor.walk_all(suite_data_files) audit_results = td_auditor.audit_data + sd_auditor.audit_data + audit_results = merge_auditdata(audit_results) + + logger.info("Total: {} objects found!".format(len(audit_results))) + # we filter out the files whose validity duration covers the provided # duration. filter_func = lambda d: (start_date < d.not_valid_before) or \ From 0b4832bbf5ece7c6d099c829887dab0dd6cd19a5 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 28 Apr 2023 11:14:28 +0800 Subject: [PATCH 183/483] cert_audit: Sort the outputs by not_valid_after date Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 5729ee9886..81c69d3701 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -487,11 +487,13 @@ def main(): filter_func = lambda d: (start_date < d.not_valid_before) or \ (d.not_valid_after < end_date) + sortby_end = lambda d: d.not_valid_after + if args.all: filter_func = None # filter and output the results - for d in filter(filter_func, audit_results): + for d in sorted(filter(filter_func, audit_results), key=sortby_end): list_all(d) logger.debug("Done!") From fd72d9f556b32c48d6e72afedd626fece0ba8a76 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 28 Apr 2023 11:17:24 +0800 Subject: [PATCH 184/483] cert_audit: Fix bug in check_cryptography_version check_cryptography_version didn't provide helpful message with Python < 3.6, because re.Match object is not subscriptable. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 81c69d3701..35ea93c0d9 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -45,7 +45,7 @@ from mbedtls_dev import build_tree def check_cryptography_version(): match = re.match(r'^[0-9]+', cryptography.__version__) - if match is None or int(match[0]) < 35: + if match is None or int(match.group(0)) < 35: raise Exception("audit-validity-dates requires cryptography >= 35.0.0" + "({} is too old)".format(cryptography.__version__)) From 13f2ef4949c3f7decb158aa4478d880242c5e05d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 5 May 2023 16:53:37 +0800 Subject: [PATCH 185/483] cert_audit: Calculate identifier for X.509 objects The identifier is calculated SHA1 hex string from the DER encoding of each X.509 objects. It's useful for finding out the identical X.509 objects. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 35ea93c0d9..73509e1543 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -31,6 +31,7 @@ import argparse import datetime import glob import logging +import hashlib from enum import Enum # The script requires cryptography >= 35.0.0 which is only available @@ -69,10 +70,20 @@ class AuditData: self.locations = [] # type: typing.List[str] self.fill_validity_duration(x509_obj) self._obj = x509_obj + encoding = cryptography.hazmat.primitives.serialization.Encoding.DER + self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest() def __eq__(self, __value) -> bool: return self._obj == __value._obj + @property + def identifier(self): + """ + Identifier of the underlying X.509 object, which is consistent across + different runs. + """ + return self._identifier + def fill_validity_duration(self, x509_obj): """Read validity period from an X.509 object.""" # Certificate expires after "not_valid_after" From 31e3d12be957b75eae94730f1f1967873e52b016 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 5 May 2023 17:01:49 +0800 Subject: [PATCH 186/483] cert_audit: Output format improvement We should print all the information for each objects found every line. This makes it easy to analyze the output. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 73509e1543..6c8a4e81fb 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -383,13 +383,13 @@ def merge_auditdata(original: typing.List[AuditData]) \ def list_all(audit_data: AuditData): - print("{:20}\t{:20}\t{:3}\t{}".format( - audit_data.not_valid_before.isoformat(timespec='seconds'), - audit_data.not_valid_after.isoformat(timespec='seconds'), - audit_data.data_type.name, - audit_data.locations[0])) - for loc in audit_data.locations[1:]: - print("{:20}\t{:20}\t{:3}\t{}".format('', '', '', loc)) + for loc in audit_data.locations: + print("{}\t{:20}\t{:20}\t{:3}\t{}".format( + audit_data.identifier, + audit_data.not_valid_before.isoformat(timespec='seconds'), + audit_data.not_valid_after.isoformat(timespec='seconds'), + audit_data.data_type.name, + loc)) def configure_logger(logger: logging.Logger) -> None: From e09d27e7239736bb7335b770f6cc4a732e9d4dde Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 5 May 2023 17:29:12 +0800 Subject: [PATCH 187/483] cert_audit: Use dictionary to store parsed AuditData Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 32 +++++++++++++++++---------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 6c8a4e81fb..127c0a0fe0 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -209,13 +209,11 @@ class Auditor: X.509 data(DER/PEM format) to an X.509 object. - walk_all: Defaultly, it iterates over all the files in the provided file name list, calls `parse_file` for each file and stores the results - by extending Auditor.audit_data. + by extending the `results` passed to the function. """ def __init__(self, logger): self.logger = logger self.default_files = self.collect_default_files() - # A list to store the parsed audit_data. - self.audit_data = [] # type: typing.List[AuditData] self.parser = X509Parser({ DataType.CRT: { DataFormat.PEM: x509.load_pem_x509_certificate, @@ -257,15 +255,27 @@ class Auditor: return audit_data return None - def walk_all(self, file_list: typing.Optional[typing.List[str]] = None): + def walk_all(self, + results: typing.Dict[str, AuditData], + file_list: typing.Optional[typing.List[str]] = None) \ + -> None: """ - Iterate over all the files in the list and get audit data. + Iterate over all the files in the list and get audit data. The + results will be written to `results` passed to this function. + + :param results: The dictionary used to store the parsed + AuditData. The keys of this dictionary should + be the identifier of the AuditData. """ if file_list is None: file_list = self.default_files for filename in file_list: data_list = self.parse_file(filename) - self.audit_data.extend(data_list) + for d in data_list: + if d.identifier in results: + results[d.identifier].locations.extend(d.locations) + else: + results[d.identifier] = d @staticmethod def find_test_dir(): @@ -485,11 +495,9 @@ def main(): end_date = start_date # go through all the files - td_auditor.walk_all(data_files) - sd_auditor.walk_all(suite_data_files) - audit_results = td_auditor.audit_data + sd_auditor.audit_data - - audit_results = merge_auditdata(audit_results) + audit_results = {} + td_auditor.walk_all(audit_results, data_files) + sd_auditor.walk_all(audit_results, suite_data_files) logger.info("Total: {} objects found!".format(len(audit_results))) @@ -504,7 +512,7 @@ def main(): filter_func = None # filter and output the results - for d in sorted(filter(filter_func, audit_results), key=sortby_end): + for d in sorted(filter(filter_func, audit_results.values()), key=sortby_end): list_all(d) logger.debug("Done!") From ee870a6e831687c7ee660679214d37e404b4da4e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Sat, 6 May 2023 10:06:19 +0800 Subject: [PATCH 188/483] cert_audit: Remove merge_auditdata We maintain a dict with unique AudiData objects (AuditData with unique underlying X.509 objects). We don't need merge_auditdata anymore. Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 127c0a0fe0..ecde428450 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -73,9 +73,6 @@ class AuditData: encoding = cryptography.hazmat.primitives.serialization.Encoding.DER self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest() - def __eq__(self, __value) -> bool: - return self._obj == __value._obj - @property def identifier(self): """ @@ -263,7 +260,7 @@ class Auditor: Iterate over all the files in the list and get audit data. The results will be written to `results` passed to this function. - :param results: The dictionary used to store the parsed + :param results: The dictionary used to store the parsed AuditData. The keys of this dictionary should be the identifier of the AuditData. """ @@ -376,22 +373,6 @@ class SuiteDataAuditor(Auditor): return audit_data_list -def merge_auditdata(original: typing.List[AuditData]) \ - -> typing.List[AuditData]: - """ - Multiple AuditData might be extracted from different locations for - an identical X.509 object. Merge them into one entry in the list. - """ - results = [] - for x in original: - if x not in results: - results.append(x) - else: - idx = results.index(x) - results[idx].locations.extend(x.locations) - return results - - def list_all(audit_data: AuditData): for loc in audit_data.locations: print("{}\t{:20}\t{:20}\t{:3}\t{}".format( From a57f67747453a23c97f13cedcf6b42ce71b45318 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 8 May 2023 18:07:28 +0800 Subject: [PATCH 189/483] cert_audit: Fix DER files missed from parsing Signed-off-by: Pengyu Lv --- tests/scripts/audit-validity-dates.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index ecde428450..5506e40e7f 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -302,12 +302,22 @@ class TestDataAuditor(Auditor): data = f.read() results = [] + # Try to parse all PEM blocks. + is_pem = False for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1): + is_pem = True result = self.parse_bytes(data[m.start():m.end()]) if result is not None: result.locations.append("{}#{}".format(filename, idx)) results.append(result) + # Might be DER format. + if not is_pem: + result = self.parse_bytes(data) + if result is not None: + result.locations.append("{}".format(filename)) + results.append(result) + return results From 199eab97e7af6848ea7ee8e671d170ee4603855a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 10 May 2023 09:57:19 -0400 Subject: [PATCH 190/483] Add partial support for URI SubjectAltNames Only exact matching without normalization is supported. Signed-off-by: Andrzej Kurek --- ChangeLog.d/basic-uri-verification.txt | 4 +++ include/mbedtls/x509_crt.h | 8 ++++-- library/x509_crt.c | 36 +++++++++++++++++++++++--- tests/suites/test_suite_x509parse.data | 16 ++++++++++++ 4 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 ChangeLog.d/basic-uri-verification.txt diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt new file mode 100644 index 0000000000..aa039ea299 --- /dev/null +++ b/ChangeLog.d/basic-uri-verification.txt @@ -0,0 +1,4 @@ +Features + * X.509 hostname verification now partially supports URI Subject Alternate + Names. Only exact matching, without any normalization procedures + described in 7.4 of RFC5280, will result in a positive URI verification. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..6675bf89df 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -641,8 +641,12 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * \param cn The expected Common Name. This will be checked to be * present in the certificate's subjectAltNames extension or, * if this extension is absent, as a CN component in its - * Subject name. DNS names and IP addresses are supported. This - * may be \c NULL if the CN need not be verified. + * Subject name. DNS names and IP addresses are fully + * supported, while the URI subtype is partially supported: + * only exact matching, without any normalization procedures + * described in 7.4 of RFC5280, will result in a positive + * URI verification. + * This may be \c NULL if the CN need not be verified. * \param flags The address at which to store the result of the verification. * If the verification couldn't be completed, the flag value is * set to (uint32_t) -1. diff --git a/library/x509_crt.c b/library/x509_crt.c index 6d62e4494a..abba05b845 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2904,6 +2904,21 @@ static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, return -1; } +static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, + const char *cn, size_t cn_len) +{ + for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { + const unsigned char san_type = (unsigned char) cur->buf.tag & + MBEDTLS_ASN1_TAG_VALUE_MASK; + if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && + cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { + return 0; + } + } + + return -1; +} + /* * Check for SAN match, see RFC 5280 Section 4.2.1.6 */ @@ -2911,23 +2926,38 @@ static int x509_crt_check_san(const mbedtls_x509_sequence *san, const char *cn, size_t cn_len) { int san_ip = 0; + int san_uri = 0; + /* Prioritize DNS name over other subtypes due to popularity */ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { - case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ + case MBEDTLS_X509_SAN_DNS_NAME: if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { return 0; } break; - case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ + case MBEDTLS_X509_SAN_IP_ADDRESS: san_ip = 1; break; + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + san_uri = 1; + break; /* (We may handle other types here later.) */ default: /* Unrecognized type */ break; } } + if (san_ip) { + if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { + return 0; + } + } + if (san_uri) { + if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { + return 0; + } + } - return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1; + return -1; } /* diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 55ed0c55d5..0193e07ffe 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1043,6 +1043,22 @@ X509 CRT verification: mismatching IPv6 in SubjectAltName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +X509 CRT verification: matching URI in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL" + +X509 CRT verification: URI with trailing data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + +X509 CRT verification: URI with preceding data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + +X509 CRT verification: URI with bad data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + X509 CRT parse CN: IPv4 valid address x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4 From 71f41deebc2d8ae946a1847f3bf43c81332f4f42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 May 2023 20:11:51 +0200 Subject: [PATCH 191/483] Work around Readthedocs command parsing bug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- .readthedocs.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index a98bec72f6..2b38c07e03 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -16,6 +16,7 @@ build: - breathe-apidoc -o docs/api apidoc/xml post_build: - | + # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line if [ "$READTHEDOCS_VERSION" = "development" ]; then "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml fi From dccb20204a79429316a4ad17133e883963022092 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 10:48:50 +0200 Subject: [PATCH 192/483] Add test component for accelerated FFDH Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 46 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 78666b41f2..f2a37f2d4c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". @@ -2160,6 +2160,50 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +component_test_psa_crypto_config_accel_ffdh () { + msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no USE_PSA or TLS 1.3) + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_DHM_C + + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + + # Build the main library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_dhm_ library/dhm.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + make test +} + component_test_psa_crypto_config_accel_pake() { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" From 013167ed7f0afa4739b6ffcbda8b9483b7d5780d Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 11 May 2023 10:54:44 +0100 Subject: [PATCH 193/483] bignum_common.py: Addressed minor typos Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/bignum_common.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 20f7ff88b6..51b25a3715 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -90,12 +90,12 @@ def hex_digits_max_int(val: str, bits_in_limb: int) -> int: return bound_mpi_limbs(l, bits_in_limb) def zfill_match(reference: str, target: str) -> str: - """ Zero pad target hex-string the match the limb size of - the refference input """ + """ Zero pad target hex-string to match the limb size of + the reference input """ lt = len(target) lr = len(reference) - targen_len = lr if lt < lr else lt - return "{:x}".format(int(target, 16)).zfill(targen_len) + target_len = lr if lt < lr else lt + return "{:x}".format(int(target, 16)).zfill(target_len) class OperationCommon(test_data_generation.BaseTest): """Common features for bignum binary operations. From bfba51d672df62b02630a9b3697e1d27d35a8687 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:01:55 +0200 Subject: [PATCH 194/483] Add FFDH support for transparent drivers(generate, export public key) Signed-off-by: Przemek Stekiel --- .../src/drivers/test_driver_key_management.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index a3ff2ddea6..dba0c26225 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -25,6 +25,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" +#include "psa_crypto_ffdh.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -36,6 +37,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_ecp.h" #include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif #include @@ -239,6 +241,17 @@ psa_status_t mbedtls_test_transparent_generate_key( #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) + && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return libtestdriver1_mbedtls_psa_ffdh_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return mbedtls_psa_ffdh_generate_key( + attributes, key, key_size, key_length); #endif } @@ -559,6 +572,21 @@ psa_status_t mbedtls_test_transparent_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(key_type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_export_ffdh_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + return mbedtls_psa_export_ffdh_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif } From c49163e7862c21897a1fe251f7d30e975e0361af Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:01 +0200 Subject: [PATCH 195/483] Adapt test driver configuration for FFDH Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 10d8e6edeb..f8b3a34a7e 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -206,6 +206,14 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR @@ -222,6 +230,7 @@ #endif #endif + #if defined(PSA_WANT_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF @@ -283,3 +292,4 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 From a59255f04f764fc9a04ca9bc890b451a7828cc4f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:54 +0200 Subject: [PATCH 196/483] Adapt guards in ffdh driver Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 142 ++++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 67 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 6e34eaa54f..db30a89533 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -26,9 +26,11 @@ #include "psa_crypto_core.h" #include "psa_crypto_ffdh.h" #include "psa_crypto_random_impl.h" +#include "mbedtls/platform.h" -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, mbedtls_mpi *P, mbedtls_mpi *G) @@ -115,72 +117,12 @@ cleanup: return PSA_SUCCESS; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + MBEDTLS_PSA_BUILTIN_ALG_FFDH */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) -psa_status_t mbedtls_psa_key_agreement_ffdh( - const psa_key_attributes_t *attributes, - const uint8_t *peer_key, - size_t peer_key_length, - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi P, G, X, GY, K; - const size_t calculated_shared_secret_size = peer_key_length; - - if (peer_key_length != key_buffer_size || - calculated_shared_secret_size > shared_secret_size) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); - mbedtls_mpi_init(&K); - - status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, - peer_key_length)); - - /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); - - *shared_secret_length = calculated_shared_secret_size; - - ret = 0; - -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); - mbedtls_mpi_free(&K); - - if (status == PSA_SUCCESS && ret != 0) { - status = mbedtls_to_psa_error(ret); - } - - return status; -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ - +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) psa_status_t mbedtls_psa_export_ffdh_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -256,7 +198,73 @@ cleanup: return status; } + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) +psa_status_t mbedtls_psa_key_agreement_ffdh( + const psa_key_attributes_t *attributes, + const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi P, G, X, GY, K; + const size_t calculated_shared_secret_size = peer_key_length; + + if (peer_key_length != key_buffer_size || + calculated_shared_secret_size > shared_secret_size) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); + mbedtls_mpi_init(&K); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + + if (status != PSA_SUCCESS) { + goto cleanup; + } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + + ret = 0; + +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); + mbedtls_mpi_free(&K); + + if (status == PSA_SUCCESS && ret != 0) { + status = mbedtls_to_psa_error(ret); + } + + return status; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From c4019fa74f15232583b7765b9c44624c10a74fe7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:05:11 +0200 Subject: [PATCH 197/483] Fix peer vs our key missmatch in ffdh key agreement transparent driver Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_key_agreement.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 843ebf95b3..6cfde20ad6 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/include/psa/crypto.h" #include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif mbedtls_test_driver_key_agreement_hooks_t @@ -101,8 +102,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) return libtestdriver1_mbedtls_psa_key_agreement_ffdh( (const libtestdriver1_psa_key_attributes_t *) attributes, + peer_key, peer_key_length, key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) From c80e7506a0666cc1469a109140abb5bfbe566bd7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:14:25 +0200 Subject: [PATCH 198/483] Handle simple copy import/export before driver dispatch Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++++++++++------------------ 1 file changed, 58 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7b6f05be31..242eb8571f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,23 +640,6 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_DH(type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; - } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1426,14 +1409,7 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && - (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { - /* Exporting public -> public */ - return psa_export_key_buffer_internal( - key_buffer, key_buffer_size, - data, data_size, data_length); - } else if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1514,9 +1490,23 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); + + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( + psa_get_key_lifetime(&attributes)); + + if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && + PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && + (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || + PSA_KEY_TYPE_IS_DH(slot->attr.type))) { + /* Exporting public -> public */ + status = psa_export_key_buffer_internal( + slot->key.data, slot->key.bytes, + data, data_size, data_length); + } else { + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); + } exit: unlock_status = psa_unlock_key_slot(slot); @@ -2011,12 +2001,27 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && + PSA_KEY_TYPE_IS_DH(attributes->core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, data_length); + bits = PSA_BYTES_TO_BITS(data_length); + + status = PSA_SUCCESS; + } else { + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } + if (status != PSA_SUCCESS) { goto exit; } @@ -5831,11 +5836,25 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && + PSA_KEY_TYPE_IS_DH(attributes.core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, bytes); + bits = PSA_BYTES_TO_BITS(bytes); + + status = PSA_SUCCESS; + } else { + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From ea52e1a43f6df2754877474119434e9c4c7ee803 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 12:23:12 +0200 Subject: [PATCH 199/483] Add changelog entry (FFDH driver dispatch) Signed-off-by: Przemek Stekiel --- ChangeLog.d/driver-ffdh.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/driver-ffdh.txt diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt new file mode 100644 index 0000000000..1185133042 --- /dev/null +++ b/ChangeLog.d/driver-ffdh.txt @@ -0,0 +1,3 @@ +Features + * Add a driver dispatch layer for FFDH keys, enabling alternative + implementations of FFDH through the driver entry points. From 1a0feb394c1df2592ce3c148d76e90cbe60a35b9 Mon Sep 17 00:00:00 2001 From: Antonio de Angelis Date: Thu, 11 May 2023 18:39:17 +0200 Subject: [PATCH 200/483] Set LANGUAGES explicitly in CMakeLists.txt project() When Mbed TLS is built as a TF-M subproject with a recent enough version of cmake (i.e. 3.22), GNUInstallDirs complains about LANGUAGES not being set in project when the short signature is used. So make sure to use the normal signature, i.e. set the LANGUAGES option explicitly Signed-off-by: Antonio de Angelis --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8d27a82bfd..6840295242 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,9 +34,9 @@ cmake_policy(SET CMP0011 NEW) cmake_policy(SET CMP0012 NEW) if(TEST_CPP) - project("mbed TLS" C CXX) + project("mbed TLS" LANGUAGES C CXX) else() - project("mbed TLS" C) + project("mbed TLS" LANGUAGES C) endif() include(GNUInstallDirs) From dcaf99ebb82f74e9371abcf9521fec428c14d405 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 May 2023 13:59:57 +0200 Subject: [PATCH 201/483] Add another round in the Koblitz reduction The addition can result in an overflow so another round is needed in the reduction. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index db35e966cd..47f1b347d1 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5571,7 +5571,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, mask = ((mbedtls_mpi_uint) 1 << shift) - 1; } - for (size_t pass = 0; pass < 2; pass++) { + for (size_t pass = 0; pass < 3; pass++) { /* Copy A1 */ memcpy(A1, X + P_limbs - adjust, P_limbs * ciL); From b6653f3e27a68387c4d8f6053f88c2f26bbb9c6a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 8 May 2023 17:32:44 +0200 Subject: [PATCH 202/483] Update comments Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 47f1b347d1..c506dad874 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5533,7 +5533,6 @@ cleanup: * with R about 33 bits, used by the Koblitz curves. * * Write N as A0 + 2^224 A1, return A0 + R * A1. - * Actually do two passes, since R is big. */ #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R @@ -5571,6 +5570,10 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, mask = ((mbedtls_mpi_uint) 1 << shift) - 1; } + /* Two pass is needed for reducing the value of `A0 + R * A1` and + * need an additional one to reduce the possible overflow during + * the addition. + */ for (size_t pass = 0; pass < 3; pass++) { /* Copy A1 */ memcpy(A1, X + P_limbs - adjust, P_limbs * ciL); From 23b10109bbcc83214f034e802d65550fd6aa4736 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 8 May 2023 17:28:21 +0200 Subject: [PATCH 203/483] Add test cases to test overflow in the Kobltz reduction Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 2dae703d86..5f0efcf1c3 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -518,6 +518,10 @@ class EcpP192K1Raw(bignum_common.ModOperationCommon, ("fffffffffffffffffffffffffffffffffffffffdffffdc6c" "0000000000000000000000000000000100002394013c7364"), + # Test case for overflow during addition + ("00000007ffff71b809e27dd832cfd5e04d9d2dbb9f8da217" + "0000000000000000000000000000000000000000520834f0"), + # First 8 number generated by random.getrandbits(384) - seed(2,2) ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), @@ -582,6 +586,10 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8" "00000000000000000000000000000000000000010000352802c26590"), + # Test case for overflow during addition + ("0000007ffff2b68161180fd8cd92e1a109be158a19a99b1809db8032" + "0000000000000000000000000000000000000000000000000bf04f49"), + # First 8 number generated by random.getrandbits(448) - seed(2,2) ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337" "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), @@ -647,6 +655,10 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c0" "00000000000000000000000000000000000000000000001000007a4000e9844"), + # Test case for overflow during addition + ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" + "00000000000000000000000000000000000000000000000000000000585674fd"), + # First 8 number generated by random.getrandbits(512) - seed(2,2) ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), From 6d62faca8efe515f20aa2b5c1d990e6289da3ad8 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 10 May 2023 14:40:05 +0100 Subject: [PATCH 204/483] Only include psa_pake_setup() and friends if some PAKE algorithms are required Signed-off-by: Tom Cosgrove --- ChangeLog.d/add-psa_want_alg_some_pake.txt | 3 +++ include/mbedtls/config_psa.h | 4 ++++ library/psa_crypto.c | 2 ++ 3 files changed, 9 insertions(+) create mode 100644 ChangeLog.d/add-psa_want_alg_some_pake.txt diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt new file mode 100644 index 0000000000..00b3002b67 --- /dev/null +++ b/ChangeLog.d/add-psa_want_alg_some_pake.txt @@ -0,0 +1,3 @@ +Features + * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc) + if no PAKE algorithms are requested diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index d78391ea82..a351060764 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -908,6 +908,10 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ +#if defined(PSA_WANT_ALG_JPAKE) +#define PSA_WANT_ALG_SOME_PAKE 1 +#endif + /* These features are always enabled. */ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7b6f05be31..2bd4df107b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7384,6 +7384,7 @@ psa_status_t psa_crypto_driver_pake_get_cipher_suite( return PSA_SUCCESS; } +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) @@ -8100,5 +8101,6 @@ psa_status_t psa_pake_abort( return status; } +#endif /* PSA_WANT_ALG_SOME_PAKE */ #endif /* MBEDTLS_PSA_CRYPTO_C */ From 8075f76708323eed96e8fe0a3577aaf5c22fe74d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 May 2023 13:53:03 +0200 Subject: [PATCH 205/483] Ignore *.o everywhere We don't commit *.o files anywhere, not even as test data. So ignore them everywhere. This resolves *.o files not being ignored under 3rdparty/p256-m. Also remove a redundant ignore of *.exe in a subdirectory. Signed-off-by: Gilles Peskine --- .gitignore | 3 +++ 3rdparty/everest/.gitignore | 1 - library/.gitignore | 1 - programs/.gitignore | 3 --- tests/.gitignore | 3 --- 5 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 8824ecea06..288c71b133 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,9 @@ massif-* .project /.settings +# Unix-like build artifacts: +*.o + # MSVC build artifacts: *.exe *.pdb diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore index 6eb25f66ad..f3c7a7c5da 100644 --- a/3rdparty/everest/.gitignore +++ b/3rdparty/everest/.gitignore @@ -1,2 +1 @@ -*.o Makefile diff --git a/library/.gitignore b/library/.gitignore index 18cd305eb8..b4dc918912 100644 --- a/library/.gitignore +++ b/library/.gitignore @@ -1,4 +1,3 @@ -*.o libmbed* *.sln *.vcxproj diff --git a/programs/.gitignore b/programs/.gitignore index 398152dcbc..d11db9e6b8 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -9,9 +9,6 @@ /psa/psa_constant_names_generated.c /test/query_config.c -*.o -*.exe - aes/crypt_and_hash cipher/cipher_aead_demo hash/generic_sum diff --git a/tests/.gitignore b/tests/.gitignore index 40ad061c9f..6db65d1d38 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -17,9 +17,6 @@ include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h include/test/instrument_record_status.h -src/*.o -src/test_helpers/*.o -src/drivers/*.o src/libmbed* libtestdriver1/* From cc207bc37995dc7ef29775eb13913ed87449952e Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Tue, 28 Sep 2021 21:06:08 +0200 Subject: [PATCH 206/483] Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse --- configs/config-symmetric-only.h | 4 ++-- docs/architecture/mbed-crypto-storage-specification.md | 6 +++--- .../testing/driver-interface-test-strategy.md | 10 +++++----- .../architecture/testing/psa-storage-format-testing.md | 2 +- include/psa/crypto_compat.h | 2 +- include/psa/crypto_extra.h | 8 ++++---- include/psa/crypto_se_driver.h | 4 ++-- include/psa/crypto_struct.h | 4 ++-- include/psa/crypto_types.h | 4 ++-- scripts/config.py | 4 ++-- tests/include/spe/crypto_spe.h | 8 ++++---- tests/scripts/psa_collect_statuses.py | 8 ++++---- tests/src/psa_exercise_key.c | 2 +- 13 files changed, 33 insertions(+), 33 deletions(-) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 6aff42f1c1..a014b52733 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -25,7 +25,7 @@ #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE -/* Mbed Crypto feature support */ +/* Mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_MODE_CFB #define MBEDTLS_CIPHER_MODE_CTR @@ -42,7 +42,7 @@ #define MBEDTLS_USE_PSA_CRYPTO #define MBEDTLS_VERSION_FEATURES -/* Mbed Crypto modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index d46139449d..e5547c3247 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -1,9 +1,9 @@ -Mbed Crypto storage specification +Mbed TLS storage specification ================================= -This document specifies how Mbed Crypto uses storage. +This document specifies how Mbed TLS uses storage. -Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore: +Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: 1. Any change may break existing installations and may require an upgrade path. 1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released. diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index a726c43eb3..380fd39c43 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -1,6 +1,6 @@ -# Mbed Crypto driver interface test strategy +# Mbed TLS driver interface test strategy -This document describes the test strategy for the driver interfaces in Mbed Crypto. Mbed Crypto has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed Crypto itself; testing drivers is out of scope. +This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed TLS itself; testing drivers is out of scope. The driver interfaces are standardized through PSA Cryptography functional specifications. @@ -16,9 +16,9 @@ Drivers exposing this interface need to be registered at compile time by declari #### Dynamic secure element driver interface -The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers. +The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed TLS and one or more third-party drivers. -The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function. +The SE interface consists of one function provided by Mbed TLS (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function. ### SE driver interface unit tests @@ -57,7 +57,7 @@ For each API function that can lead to a driver call (more precisely, for each d #### SE driver outputs -For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed Crypto handles the outputs. +For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed TLS handles the outputs. * Correct outputs. * Incorrect outputs such as an invalid output length. diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md index 5514dfabef..a5c1fd137d 100644 --- a/docs/architecture/testing/psa-storage-format-testing.md +++ b/docs/architecture/testing/psa-storage-format-testing.md @@ -47,7 +47,7 @@ The PSA subsystem provides storage on top of the PSA trusted storage interface. * [Storage transaction file](#storage-transaction-resumption). * [Driver state files](#driver-state-files). -For a more detailed description, refer to the [Mbed Crypto storage specification](../mbed-crypto-storage-specification.md). +For a more detailed description, refer to the [Mbed TLS storage specification](../mbed-crypto-storage-specification.md). In addition, Mbed TLS includes an implementation of the PSA trusted storage interface on top of C stdio. This document addresses the test strategy for [PSA ITS over file](#psa-its-over-file) in a separate section below. diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 3544f96327..70fa14e872 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -5,7 +5,7 @@ * * This header declares alternative names for macro and functions. * New application code should not use these names. - * These names may be removed in a future version of Mbed Crypto. + * These names may be removed in a future version of Mbed TLS. * * \note This file may not be included directly. Applications must * include psa/crypto.h. diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 232a83927e..cc70e6fe52 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -106,7 +106,7 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm( * indicates the slot number that contains it. * \retval #PSA_ERROR_NOT_PERMITTED * The caller is not permitted to query the slot number. - * Mbed Crypto currently does not return this error. + * Mbed TLS currently does not return this error. * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is not located in a secure element. */ @@ -219,7 +219,7 @@ void mbedtls_psa_crypto_free(void); * resource consumption related to the PSA keystore. * * \note The content of this structure is not part of the stable API and ABI - * of Mbed Crypto and may change arbitrarily from version to version. + * of Mbed TLS and may change arbitrarily from version to version. */ typedef struct mbedtls_psa_stats_s { /** Number of slots containing key material for a volatile key. */ @@ -248,7 +248,7 @@ typedef struct mbedtls_psa_stats_s { /** \brief Get statistics about * resource consumption related to the PSA keystore. * - * \note When Mbed Crypto is built as part of a service, with isolation + * \note When Mbed TLS is built as part of a service, with isolation * between the application and the keystore, the service may or * may not expose this function. */ @@ -956,7 +956,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * the official PSA Crypto API yet. * * \note The content of this section is not part of the stable API and ABI - * of Mbed Crypto and may change arbitrarily from version to version. + * of Mbed TLS and may change arbitrarily from version to version. * Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and * #PSA_ALG_JPAKE. * @{ diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 9ae631ffec..f39e2294cd 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -138,7 +138,7 @@ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, psa_key_location_t location); #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C) -/* Mbed Crypto with secure element support enabled defines this type in +/* Mbed TLS with secure element support enabled defines this type in * crypto_types.h because it is also visible to applications through an * implementation-specific extension. * For the PSA Cryptography specification, this type is only visible @@ -837,7 +837,7 @@ typedef enum { * and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there * is no key with the specified slot number. * - * This is an Mbed Crypto extension. + * This is an Mbed TLS extension. */ PSA_KEY_CREATION_REGISTER, #endif diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 125a73dd0e..b309bc854c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -35,8 +35,8 @@ * GCC and Clang initialize the whole structure to 0 (at the time of writing), * but MSVC and CompCert don't. * - * In Mbed Crypto, multipart operation structures live independently from - * the key. This allows Mbed Crypto to free the key objects when destroying + * In Mbed TLS, multipart operation structures live independently from + * the key. This allows Mbed TLS to free the key objects when destroying * a key slot. If a multipart operation needs to remember the key after * the setup function returns, the operation structure needs to contain a * copy of the key. diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index a5154fcd6b..445657eb95 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -297,7 +297,7 @@ typedef uint32_t psa_key_id_t; typedef psa_key_id_t mbedtls_svc_key_id_t; #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ -/* Implementation-specific: The Mbed Cryptography library can be built as +/* Implementation-specific: The Mbed TLS library can be built as * part of a multi-client service that exposes the PSA Cryptography API in each * client and encodes the client identity in the key identifier argument of * functions such as psa_open_key(). @@ -439,7 +439,7 @@ typedef struct psa_key_attributes_s psa_key_attributes_t; #ifndef __DOXYGEN_ONLY__ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -/* Mbed Crypto defines this type in crypto_types.h because it is also +/* Mbed TLS defines this type in crypto_types.h because it is also * visible to applications through an implementation-specific extension. * For the PSA Cryptography specification, this type is only visible * via crypto_se_driver.h. */ diff --git a/scripts/config.py b/scripts/config.py index 92a4aadc84..8ab75ade22 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -2,7 +2,7 @@ """Mbed TLS configuration file manipulation library and tool -Basic usage, to read the Mbed TLS or Mbed Crypto configuration: +Basic usage, to read the Mbed TLS configuration: config = ConfigFile() if 'MBEDTLS_RSA_C' in config: print('RSA is enabled') """ @@ -467,7 +467,7 @@ if __name__ == '__main__': def main(): """Command line mbedtls_config.h manipulation tool.""" parser = argparse.ArgumentParser(description=""" - Mbed TLS and Mbed Crypto configuration file manipulation tool. + Mbed TLS and Mbed TLS configuration file manipulation tool. """) parser.add_argument('--file', '-f', help="""File to read (and modify if requested). diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h index a79ce17385..de842642d4 100644 --- a/tests/include/spe/crypto_spe.h +++ b/tests/include/spe/crypto_spe.h @@ -19,13 +19,13 @@ /** * \file crypto_spe.h * - * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed Crypto that + * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option + * enabled, this header is included by all .c files in Mbed TLS that * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed Crypto. + * between TF-M and Mbed TLS. * * \note This file should be included before including any PSA Crypto headers - * from Mbed Crypto. + * from Mbed TLS. */ #ifndef CRYPTO_SPE_H diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index b086793c40..f685bab8e0 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -1,13 +1,13 @@ #!/usr/bin/env python3 """Describe the test coverage of PSA functions in terms of return statuses. -1. Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG +1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG 2. Run psa_collect_statuses.py The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each function/status combination appears only once. -This script must be run from the top of an Mbed Crypto source tree. +This script must be run from the top of an Mbed TLS source tree. The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is only supported with make (as opposed to CMake or other build methods). """ @@ -46,7 +46,7 @@ class Statuses: def collect_log(self, log_file_name): """Read logs from RECORD_PSA_STATUS_COVERAGE_LOG. - Read logs produced by running Mbed Crypto test suites built with + Read logs produced by running Mbed TLS test suites built with -DRECORD_PSA_STATUS_COVERAGE_LOG. """ with open(log_file_name) as log: @@ -82,7 +82,7 @@ class Statuses: def collect_status_logs(options): """Build and run unit tests and report observed function return statuses. - Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the + Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the test suites and display information about observed return statuses. """ rebuilt = False diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 5cb2296df4..f6289347c8 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -72,7 +72,7 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number); if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed Crypto currently always exposes the slot number to + /* Mbed TLS currently always exposes the slot number to * applications. This is not mandated by the PSA specification * and may change in future versions. */ TEST_EQUAL(status, 0); From 0ec8a90d48cf65c6434ec354ced5f838e05e52f2 Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Mon, 4 Oct 2021 22:13:51 +0200 Subject: [PATCH 207/483] Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse --- docs/architecture/mbed-crypto-storage-specification.md | 2 ++ scripts/config.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index e5547c3247..87ccd748b5 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -2,6 +2,8 @@ Mbed TLS storage specification ================================= This document specifies how Mbed TLS uses storage. +Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS. +This document contains historical information both from before and after this merge. Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: diff --git a/scripts/config.py b/scripts/config.py index 8ab75ade22..bc99d87a4d 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -467,7 +467,7 @@ if __name__ == '__main__': def main(): """Command line mbedtls_config.h manipulation tool.""" parser = argparse.ArgumentParser(description=""" - Mbed TLS and Mbed TLS configuration file manipulation tool. + Mbed TLS configuration file manipulation tool. """) parser.add_argument('--file', '-f', help="""File to read (and modify if requested). From 95bd5a5004949e37e17556d10061ee2fcf5a999f Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Sat, 23 Oct 2021 09:55:04 +0200 Subject: [PATCH 208/483] Minor adjustments after review. Signed-off-by: Fredrik Hesse --- docs/architecture/mbed-crypto-storage-specification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index 87ccd748b5..3c8370d221 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md @@ -5,7 +5,7 @@ This document specifies how Mbed TLS uses storage. Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS. This document contains historical information both from before and after this merge. -Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: +Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore: 1. Any change may break existing installations and may require an upgrade path. 1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released. From 229bf1031fd71a3e6fa26bd4b757a91d9bedfada Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 May 2023 11:13:55 +0200 Subject: [PATCH 209/483] pk: make mbedtls_pk_ec internal when !ECP_C mbedtls_pk_ec() is not an ideal function because: - it provides direct access to the ecp_keypair structure wrapped by the pk_context and - this bypasses the PK module's control However, since for backward compatibility, it cannot be deprecated immediately, 2 alternative internal functions are proposed. As a consequence: - when ECP_C is defined, then the legacy mbedtls_pk_ec is available - when only ECP_LIGHT is defined, but ECP_C is not, then only the new internal functions will be available Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 4 +-- library/pk_internal.h | 68 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 library/pk_internal.h diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 8d6d60f877..ec2a2513ec 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -778,7 +778,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_ECP_C) /** * Quick access to an EC context inside a PK context. * @@ -801,7 +801,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) return NULL; } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_PARSE_C) /** \ingroup pk_module */ diff --git a/library/pk_internal.h b/library/pk_internal.h new file mode 100644 index 0000000000..a51482e0ea --- /dev/null +++ b/library/pk_internal.h @@ -0,0 +1,68 @@ +/** + * \file pk_internal.h + * + * \brief Public Key abstraction layer: internal (i.e. library only) functions + * and definitions. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_PK_INTERNAL_H +#define MBEDTLS_PK_INTERNAL_H + +#if defined(MBEDTLS_ECP_LIGHT) +#include "mbedtls/ecp.h" +#endif + +#if defined(MBEDTLS_ECP_LIGHT) +/** + * Public function mbedtls_pk_ec() can be used to get direct access to the + * wrapped ecp_keypair strucure pointed to the pk_ctx. However this is not + * ideal because it bypasses the PK module on the control of its internal's + * structure (pk_context) fields. + * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but + * we provide 2 very similar function when only ECP_LIGHT is enabled and not + * ECP_C. + * These variants embed the "ro" or "rw" keywords in their name to make the + * usage of the returned pointer explicit. Of course the returned value is + * const or non-const accordingly. + */ +static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk) +{ + switch (mbedtls_pk_get_type(&pk)) { + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); + default: + return NULL; + } +} + +static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) +{ + switch (mbedtls_pk_get_type(&pk)) { + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); + default: + return NULL; + } +} +#endif /* MBEDTLS_ECP_LIGHT */ + +#endif /* MBEDTLS_PK_INTERNAL_H */ From 77a75685ed955ec163230b857dfd4cb5648dd339 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 May 2023 11:18:46 +0200 Subject: [PATCH 210/483] pk: align library and tests code to the new internal functions Note = programs are not aligned to this change because: - the original mbedtls_pk_ec is not ufficially deprecated - that function is used in tests when ECP_C is defined, so the legacy version of that function is available in that case Signed-off-by: Valerio Setti --- include/mbedtls/x509.h | 1 + library/pk.c | 2 +- library/pkparse.c | 21 +++++++------- library/pkwrite.c | 9 +++--- library/ssl_tls.c | 4 +-- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 6 ++-- library/x509_crt.c | 2 +- tests/suites/test_suite_pk.function | 35 ++++++++++++------------ tests/suites/test_suite_pkparse.function | 9 +++--- 10 files changed, 48 insertions(+), 43 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7faf176b5a..ba2396a5b1 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -27,6 +27,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" +#include "pk_internal.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" diff --git a/library/pk.c b/library/pk.c index 71ab60d54c..d92de6945c 100644 --- a/library/pk.c +++ b/library/pk.c @@ -879,7 +879,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_status_t status; /* export the private key material in the format PSA wants */ - ec = mbedtls_pk_ec(*pk); + ec = mbedtls_pk_ec_rw(*pk); d_len = PSA_BITS_TO_BYTES(ec->grp.nbits); if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) { return ret; diff --git a/library/pkparse.c b/library/pkparse.c index ade8a04cab..87b707dc88 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -26,6 +26,7 @@ #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "pk_internal.h" #include @@ -795,14 +796,14 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { - ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, &mbedtls_pk_ec(*pk)->grp); + ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, &mbedtls_pk_ec_rw(*pk)->grp); } else #endif { - ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp); + ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec_rw(*pk)->grp); } if (ret == 0) { - ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk)); + ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec_rw(*pk)); } } else #endif /* MBEDTLS_ECP_LIGHT */ @@ -1231,10 +1232,10 @@ static int pk_parse_key_pkcs8_unencrypted_der( if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { - if ((ret = - pk_use_ecparams_rfc8410(¶ms, ec_grp_id, &mbedtls_pk_ec(*pk)->grp)) != 0 || + if ((ret = pk_use_ecparams_rfc8410(¶ms, ec_grp_id, + &mbedtls_pk_ec_rw(*pk)->grp)) != 0 || (ret = - pk_parse_key_rfc8410_der(mbedtls_pk_ec(*pk), p, len, end, f_rng, + pk_parse_key_rfc8410_der(mbedtls_pk_ec_rw(*pk), p, len, end, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); return ret; @@ -1242,8 +1243,8 @@ static int pk_parse_key_pkcs8_unencrypted_der( } else #endif { - if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 || - (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len, f_rng, p_rng)) != 0) { + if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec_rw(*pk)->grp)) != 0 || + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), p, len, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); return ret; } @@ -1430,7 +1431,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || - (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), pem.buf, pem.buflen, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); @@ -1554,7 +1555,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, #if defined(MBEDTLS_ECP_LIGHT) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && - pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), key, keylen, f_rng, p_rng) == 0) { return 0; } diff --git a/library/pkwrite.c b/library/pkwrite.c index 88729534da..1f606a4481 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -26,6 +26,7 @@ #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "pk_internal.h" #include @@ -182,7 +183,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #endif #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key))); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec_rw(*key))); } else #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -246,7 +247,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { - ec_grp_id = mbedtls_pk_ec(*key)->grp.id; + ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id; } #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -469,7 +470,7 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key); + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*key); size_t pub_len = 0, par_len = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) @@ -591,7 +592,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec(*key)->grp.id)) { + if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec_ro(*key)->grp.id)) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cd87164714..fe666e88cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7388,9 +7388,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ - const mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); if (ec == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec() returned NULL")); + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index d94d8295cd..0940bdb67c 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2007,7 +2007,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - peer_key = mbedtls_pk_ec(*peer_pk); + peer_key = mbedtls_pk_ec_ro(*peer_pk); #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t olen = 0; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index ac6c10d419..38a3fc4221 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -666,7 +666,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) { uint16_t *curr_tls_id = curves_tls_id; - mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id; mbedtls_ecp_group_id curr_grp_id; while (*curr_tls_id != 0) { @@ -2636,7 +2636,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: - key = mbedtls_pk_ec(*pk); + key = mbedtls_pk_ec_ro(*pk); if (key == NULL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -2704,7 +2704,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, - mbedtls_pk_ec(*mbedtls_ssl_own_key(ssl)), + mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)), MBEDTLS_ECDH_OURS)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); return ret; diff --git a/library/x509_crt.c b/library/x509_crt.c index 6d62e4494a..2f6d9248ce 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -237,7 +237,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id; + const mbedtls_ecp_group_id gid = mbedtls_pk_ec_ro(*pk)->grp.id; if (gid == MBEDTLS_ECP_DP_NONE) { return -1; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0591029254..f36c6be3c5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -6,6 +6,7 @@ #include "mbedtls/base64.h" #include "mbedtls/ecp.h" #include "mbedtls/rsa.h" +#include "pk_internal.h" #include "hash_info.h" @@ -101,20 +102,20 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; - if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp, + if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter)) != 0) { return ret; } #if defined(MBEDTLS_USE_PSA_CRYPTO) - return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp, - &mbedtls_pk_ec(*pk)->d, - &mbedtls_pk_ec(*pk)->Q); + return pk_genkey_ec(&mbedtls_pk_ec_rw(*pk)->grp, + &mbedtls_pk_ec_rw(*pk)->d, + &mbedtls_pk_ec_rw(*pk)->Q); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ECP_C) - return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp, - &mbedtls_pk_ec(*pk)->d, - &mbedtls_pk_ec(*pk)->Q, + return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, + &mbedtls_pk_ec_rw(*pk)->d, + &mbedtls_pk_ec_rw(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); #endif /* MBEDTLS_ECP_C */ } @@ -709,7 +710,7 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); - eckey = mbedtls_pk_ec(pk); + eckey = mbedtls_pk_ec_rw(pk); TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, @@ -745,12 +746,12 @@ void pk_sign_verify_restart(int pk_type, int grp_id, char *d_str, memset(sig, 0, sizeof(sig)); TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0); - TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec(prv)->d, d_str) == 0); + TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0); + TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0); TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0); - TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0); - TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0); + TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0); + TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0); mbedtls_ecp_set_max_ops(max_ops); @@ -1316,8 +1317,8 @@ void pk_psa_sign(int parameter_arg, /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy; #else - ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp), - &(mbedtls_pk_ec(pk)->Q), + ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp), + &(mbedtls_pk_ec_ro(pk)->Q), MBEDTLS_ECP_PF_UNCOMPRESSED, &klen_legacy, pkey_legacy, sizeof(pkey_legacy)); @@ -1379,10 +1380,10 @@ void pk_psa_sign(int parameter_arg, TEST_EQUAL(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); TEST_EQUAL(mbedtls_ecp_group_load( - &(mbedtls_pk_ec(pk)->grp), + &(mbedtls_pk_ec_rw(pk)->grp), (mbedtls_ecp_group_id) parameter_arg), 0); - TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp), - &(mbedtls_pk_ec(pk)->Q), + TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp), + &(mbedtls_pk_ec_rw(pk)->Q), pkey_legacy_start, klen_legacy), 0); #endif TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 838a7dba7f..e0e33000da 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -3,6 +3,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/ecp.h" +#include "pk_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -83,9 +84,9 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) TEST_ASSERT(res == result); if (res == 0) { - mbedtls_ecp_keypair *eckey; + const mbedtls_ecp_keypair *eckey; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); - eckey = mbedtls_pk_ec(ctx); + eckey = mbedtls_pk_ec_ro(ctx); TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0); } @@ -110,9 +111,9 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) TEST_ASSERT(res == result); if (res == 0) { - mbedtls_ecp_keypair *eckey; + const mbedtls_ecp_keypair *eckey; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); - eckey = mbedtls_pk_ec(ctx); + eckey = mbedtls_pk_ec_ro(ctx); TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0); } From 3f00b84dd1721256501e4b8b4f3fada29cff0e75 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 May 2023 12:57:06 +0200 Subject: [PATCH 211/483] pk: fix build issues Signed-off-by: Valerio Setti --- include/mbedtls/x509.h | 1 - library/pk.c | 1 + library/ssl_misc.h | 1 + library/ssl_tls12_server.c | 2 +- library/x509_crt.c | 1 + 5 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index ba2396a5b1..7faf176b5a 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -27,7 +27,6 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" -#include "pk_internal.h" #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" diff --git a/library/pk.c b/library/pk.c index d92de6945c..7e772829aa 100644 --- a/library/pk.c +++ b/library/pk.c @@ -23,6 +23,7 @@ #include "mbedtls/pk.h" #include "pk_wrap.h" #include "pkwrite.h" +#include "pk_internal.h" #include "hash_info.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d7c47e661c..17149c59e6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -55,6 +55,7 @@ #endif #include "mbedtls/pk.h" +#include "pk_internal.h" #include "common.h" /* Shorthand for restartable ECC */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 38a3fc4221..aa3e306a4a 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2636,7 +2636,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: - key = mbedtls_pk_ec_ro(*pk); + key = mbedtls_pk_ec_rw(*pk); if (key == NULL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/x509_crt.c b/library/x509_crt.c index 2f6d9248ce..34a561359f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -50,6 +50,7 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "hash_info.h" #include "x509_invasive.h" +#include "pk_internal.h" #include "mbedtls/platform.h" From f70b3e08b15cbd84d444861c6f47d8a1ab13d9b8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 May 2023 12:57:40 +0200 Subject: [PATCH 212/483] pk: fix: explicilty set const in casted value in mbedtls_pk_ec_ro Signed-off-by: Valerio Setti --- library/pk_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index a51482e0ea..7c4f285719 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -46,7 +46,7 @@ static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_conte case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: - return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); + return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); default: return NULL; } From a274041190c48d9c78b24ae68254233d1a12ab32 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 15 May 2023 14:50:17 +0200 Subject: [PATCH 213/483] Fix comment Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c506dad874..b07753a074 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5570,8 +5570,8 @@ static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X, mask = ((mbedtls_mpi_uint) 1 << shift) - 1; } - /* Two pass is needed for reducing the value of `A0 + R * A1` and - * need an additional one to reduce the possible overflow during + /* Two passes are needed to reduce the value of `A0 + R * A1` and then + * we need an additional one to reduce the possible overflow during * the addition. */ for (size_t pass = 0; pass < 3; pass++) { From 69482f9499e0cd17befbeb4e1ab615a276106a85 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 10:32:01 +0200 Subject: [PATCH 214/483] Add test to cover memory leak in authorityCertIssuer case Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 55ed0c55d5..46fa1e8f39 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3314,3 +3314,8 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f X509 CRT parse Authority Key Id - Wrong Issuer Tag 2 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3131303231323134343430305a170d3231303231323134343430305a303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c205465737420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0df37fc17bbe0969d3f86de96327d44a516a0cd21f199d4eceacb7c18580894a5ec9bc58bdf1a1e993899871e7bc08d39df385d707807d39ed993e8b97251c5cea33052a9f2e7407014cb44a2720bc2e540f93ee5a60eb3f9ec4a63c0b82900749c573ba8a5049071f1bd83d93fd6a5e23c2a8fef2760c3c69fcbbaec607db7e68432be4ffb582622035bd4b4d5fbf5e3962e70c0e42ebdfc2eeee24155c0342e7d247269cb47b11440837d67f486f631abf179a4b2b52e12f98417f0626f273e1358b1540d219a7337a130cf6f92dcf6e9fcacdb2e28d17e024b23a015f238656409ea0c6e8e1b17a071c8b39bc9abe9c3f2cf87968f8002329e99586fa2d50203010001a38195308192300c0603551d13040530030101ff301d0603551d0e04160414b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30630603551d23045c305a8014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdffa13f003d303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341820100300d06092a864886f70d01010505000382010100b8fd54d80054908b25b027dd95cda2f784071d87894ac47811d807b5d722508e48eb627a3289be634753ffb6bef12e8c54c0993fa0b93723725f0d46598fd847cd974c9f070c1262093a24e436d9e92cda38d0737561d7c16c268b9be0d5dc67ed8c6b33d774223c4cdbb58d2ace2c0d0859050905a6399fb3671be283e5e18f53f66793c7f96f76445812e83ad497e7e9c03ea87a723d87531fe52c8484e79a9e7f66d91f9bf51348b04d14d1deb224d9787df535cc5819d1d299ef4d73f81f89d45ad052ce09f5b146516a008e3bcc6f63010099ed9da60860cd3218d073e05871d9e5d253d78dd0cae95d2a0a0d5d55ec21501716e6064acd5edef7e0e954":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer +X509 CRT parse Authority Key Id - Wrong Issuer sequence +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +x509_crt_parse_authoritykeyid:"308201883082016FA0030201020209202020202020202020300D06092A864886F70D010104050030233110300E0603202020130720202020202020310F300D06032020201306202020202020301E170D3131303530383230353934385A170D3134303530373230353934385A30233110300E0603202020130720202020202020310F300D06032020201306202020202020305C300D06092A864886F70D0101010500034B003048024120202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FF02032020FFA38185308182301D060320202004162020202020202020202020202020202020202020202030530603551D23044C304A80142020202020202020202020202020202020202020A12AA42530233110300E0603202020130720202020202020310F300D0603202020130620202020202082002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA From 690ff698f72ae642de359477cc762c891ea69cc1 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 15 May 2023 09:54:02 +0200 Subject: [PATCH 215/483] mbedtls_x509_crt_free: release authorityCertIssuer sequence Signed-off-by: Przemek Stekiel --- library/x509_crt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 6d62e4494a..5491b55bf0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -3195,6 +3195,7 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); + mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); From de4cbc54d313761708b97906d2b109a84abd0d92 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 May 2023 12:04:57 +0200 Subject: [PATCH 216/483] Fix copypasta Signed-off-by: Gilles Peskine --- docs/architecture/psa-crypto-implementation-structure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index 3fe074f352..7114ec2711 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -125,7 +125,7 @@ New constants must have a test case in `tests/suites/test_suite_psa_crypto_metad Each cryptographic mechanism is optional and can be selected by the application at build time. For each feature `PSA_ttt_xxx`: * The feature is available to applications when the preprocessor symbol `PSA_WANT_ttt_xxx` is defined. These symbols are set: - * If `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`. + * If `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`. * if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols. * For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`. * For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols. From 0b11ee08882e10f5512f9150cb42be620b1ccffb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 13:26:06 +0200 Subject: [PATCH 217/483] Fix compilation errors(unused variables, guards) Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 242eb8571f..ec23830a2e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,9 +129,6 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -141,9 +138,6 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || - PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { @@ -1450,6 +1444,11 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ } else { + (void) key_buffer; + (void) key_buffer_size; + (void) data; + (void) data_size; + (void) data_length; return PSA_ERROR_NOT_SUPPORTED; } } From 99453ad9f03c8cbbcd4b12f1818b104eec81814b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 16 May 2023 15:26:06 +0100 Subject: [PATCH 218/483] bignum_core.py: Simplified result calculation for `BignumCoreShiftL` Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/bignum_core.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 2abf77ac8a..ff3fd23e68 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -122,7 +122,7 @@ class BignumCoreShiftL(BignumCoreTarget, bignum_common.ModOperationCommon): # Calculate if there is space for shifting to the left(leading zero limbs) mx = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) # If there are empty limbs ahead, adjust the bitmask accordingly - result = result & (self.r - 1) if mx == self.r else result & (mx - 1) + result = result & (mx - 1) return [self.format_result(result)] @property From dacfe563700e703f30f7a3dd3044b0d253786fd8 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 May 2023 14:05:13 +0200 Subject: [PATCH 219/483] Add `_raw` function to P192K1 Modified the testing to use the generic fast reduction test function. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 12 ++++---- library/ecp_invasive.h | 2 +- scripts/mbedtls_dev/ecp.py | 8 +++-- tests/suites/test_suite_ecp.function | 46 +++++----------------------- 4 files changed, 20 insertions(+), 48 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index b07753a074..feda4ce354 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4613,7 +4613,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi *); #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static int ecp_mod_p192k1(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192k1(mbedtls_mpi *); +int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static int ecp_mod_p224k1(mbedtls_mpi *); @@ -5629,21 +5629,21 @@ static int ecp_mod_p192k1(mbedtls_mpi *N) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t expected_width = 2 * ((192 + biL - 1) / biL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p192k1(N); + ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width); cleanup: return ret; } MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N) +int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) }; - return ecp_mod_koblitz(N->p, N->n, Rp, 192); + return ecp_mod_koblitz(X, X_limbs, Rp, 192); } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 68187acbc8..78e0bcbf72 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -176,7 +176,7 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs); * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N); +int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 5f0efcf1c3..76a369701a 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -494,8 +494,8 @@ class EcpP192K1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ECP P192K1 fast reduction.""" symbol = "-" - test_function = "ecp_mod_p192k1" - test_name = "ecp_mod_p192k1" + test_function = "ecp_mod_p_generic_raw" + test_name = "ecp_mod_p192k1_raw" input_style = "fixed" arity = 1 dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"] @@ -557,6 +557,10 @@ class EcpP192K1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True + def arguments(self): + args = super().arguments() + return ["MBEDTLS_ECP_DP_SECP192K1"] + args + class EcpP224K1Raw(bignum_common.ModOperationCommon, EcpTarget): diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f034d6fc81..9d33e4df4e 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1327,6 +1327,13 @@ void ecp_mod_p_generic_raw(int curve_id, curve_bits = 522; curve_func = &mbedtls_ecp_mod_p521_raw; break; +#endif +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + case MBEDTLS_ECP_DP_SECP192K1: + limbs = 2 * limbs_N; + curve_bits = 192; + curve_func = &mbedtls_ecp_mod_p192k1_raw; + break; #endif default: mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); @@ -1355,45 +1362,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -void ecp_mod_p192k1(char *input_N, - char *input_X, - char *result) -{ - mbedtls_mpi X; - mbedtls_mpi N; - mbedtls_mpi res; - - mbedtls_mpi_init(&X); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&res); - - TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0); - - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n)); - - size_t limbs = N.n; - size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - - TEST_EQUAL(X.n, 2 * limbs); - TEST_EQUAL(res.n, limbs); - - TEST_EQUAL(mbedtls_ecp_mod_p192k1(&X), 0); - TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); - TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 192); - ASSERT_COMPARE(X.p, bytes, res.p, bytes); - -exit: - mbedtls_mpi_free(&X); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&res); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */ void ecp_mod_p224k1(char *input_N, char *input_X, From e42bb6294e49e4ce7f3319e7f3840fa118a1a2c6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 May 2023 14:10:57 +0200 Subject: [PATCH 220/483] Add `_raw` function to P224K1 Modified the testing to use the generic fast reduction test function. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 20 ++++++------- library/ecp_invasive.h | 3 +- scripts/mbedtls_dev/ecp.py | 10 +++++-- tests/suites/test_suite_ecp.function | 45 +++++----------------------- 4 files changed, 26 insertions(+), 52 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index feda4ce354..708dcec5f1 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4618,7 +4618,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static int ecp_mod_p224k1(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224k1(mbedtls_mpi *); +int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static int ecp_mod_p256k1(mbedtls_mpi *); @@ -5650,30 +5650,30 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +/* + * Fast quasi-reduction modulo p224k1 = 2^224 - R, + * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 + */ static int ecp_mod_p224k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t expected_width = 2 * 224 / biL; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p224k1(N); + ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width); cleanup: return ret; } -/* - * Fast quasi-reduction modulo p224k1 = 2^224 - R, - * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 - */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N) +int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) }; - return ecp_mod_koblitz(N->p, N->n, Rp, 224); + return ecp_mod_koblitz(X, X_limbs, Rp, 224); } #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 78e0bcbf72..744945c333 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -179,10 +179,11 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ + #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N); +int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 76a369701a..7efb32d893 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -566,8 +566,8 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ECP P224 fast reduction.""" symbol = "-" - test_function = "ecp_mod_p224k1" - test_name = "ecp_mod_p224k1" + test_function = "ecp_mod_p_generic_raw" + test_name = "ecp_mod_p224k1_raw" input_style = "fixed" arity = 1 dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"] @@ -586,7 +586,7 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, # 2^224 - 1 "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - # Maximum canonical P224 multiplication result + # Maximum canonical P224K1 multiplication result ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8" "00000000000000000000000000000000000000010000352802c26590"), @@ -630,6 +630,10 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True + def arguments(self): + args = super().arguments() + return ["MBEDTLS_ECP_DP_SECP224K1"] + args + class EcpP256K1Raw(bignum_common.ModOperationCommon, EcpTarget): diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 9d33e4df4e..f55c184a49 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1334,6 +1334,13 @@ void ecp_mod_p_generic_raw(int curve_id, curve_bits = 192; curve_func = &mbedtls_ecp_mod_p192k1_raw; break; +#endif +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) + case MBEDTLS_ECP_DP_SECP224K1: + limbs = 448 / biL; + curve_bits = 224; + curve_func = &mbedtls_ecp_mod_p224k1_raw; + break; #endif default: mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); @@ -1362,44 +1369,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -void ecp_mod_p224k1(char *input_N, - char *input_X, - char *result) -{ - mbedtls_mpi X; - mbedtls_mpi N; - mbedtls_mpi res; - - mbedtls_mpi_init(&X); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&res); - - TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0); - - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n)); - - size_t limbs = N.n; - size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - - TEST_LE_U(X.n, 448 / biL); - TEST_EQUAL(res.n, limbs); - - TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0); - TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); - TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224); - ASSERT_COMPARE(X.p, bytes, res.p, bytes); - -exit: - mbedtls_mpi_free(&X); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&res); -} -/* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */ void ecp_mod_p256k1(char *input_N, From 03558b847e2505c4919d55ce2fe4eee179c43067 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 2 May 2023 14:12:25 +0200 Subject: [PATCH 221/483] Add `_raw` function to P256K1 Modified the testing to use the generic fast reduction test function. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 21 +++++++------ library/ecp_invasive.h | 2 +- scripts/mbedtls_dev/ecp.py | 18 ++++++++--- tests/suites/test_suite_ecp.function | 47 +++++----------------------- 4 files changed, 32 insertions(+), 56 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 708dcec5f1..c217c40a80 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4623,7 +4623,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static int ecp_mod_p256k1(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256k1(mbedtls_mpi *); +int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(ECP_LOAD_GROUP) @@ -5680,30 +5680,31 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +/* + * Fast quasi-reduction modulo p256k1 = 2^256 - R, + * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 + */ static int ecp_mod_p256k1(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t expected_width = 2 * ((256 + biL - 1) / biL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); - ret = mbedtls_ecp_mod_p256k1(N); + ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width); cleanup: return ret; } -/* - * Fast quasi-reduction modulo p256k1 = 2^256 - R, - * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 - */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N) +int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) { static mbedtls_mpi_uint Rp[] = { - MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, - 0x00) + MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00) }; - return ecp_mod_koblitz(N->p, N->n, Rp, 256); + return ecp_mod_koblitz(X, X_limbs, Rp, 256); } + #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 744945c333..cfa12e9be7 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -190,7 +190,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N); +int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 7efb32d893..c9fb5e55e8 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -639,8 +639,8 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ECP P256 fast reduction.""" symbol = "-" - test_function = "ecp_mod_p256k1" - test_name = "ecp_mod_p256k1" + test_function = "ecp_mod_p_generic_raw" + test_name = "ecp_mod_p256k1_raw" input_style = "fixed" arity = 1 dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"] @@ -659,9 +659,13 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, # 2^256 - 1 "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - # Maximum canonical P256 multiplication result - ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c0" - "00000000000000000000000000000000000000000000001000007a4000e9844"), + # Maximum canonical P256K1 multiplication result + ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c" + "000000000000000000000000000000000000000000000001000007a4000e9844"), + + # Test case for overflow during addition + ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" + "00000000000000000000000000000000000000000000000000000000585674fd"), # Test case for overflow during addition ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" @@ -702,6 +706,10 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True + def arguments(self): + args = super().arguments() + return ["MBEDTLS_ECP_DP_SECP256K1"] + args + class EcpP448Raw(bignum_common.ModOperationCommon, EcpTarget): diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f55c184a49..af69aaff29 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1341,6 +1341,13 @@ void ecp_mod_p_generic_raw(int curve_id, curve_bits = 224; curve_func = &mbedtls_ecp_mod_p224k1_raw; break; +#endif +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + case MBEDTLS_ECP_DP_SECP256K1: + limbs = 2 * limbs_N; + curve_bits = 256; + curve_func = &mbedtls_ecp_mod_p256k1_raw; + break; #endif default: mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); @@ -1369,46 +1376,6 @@ exit: } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -void ecp_mod_p256k1(char *input_N, - char *input_X, - char *result) -{ - mbedtls_mpi X; - mbedtls_mpi N; - mbedtls_mpi res; - - mbedtls_mpi_init(&X); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&res); - - TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); - TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0); - - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n)); - TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n)); - - size_t limbs = N.n; - size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - - TEST_LE_U(X.n, 2 * limbs); - TEST_EQUAL(res.n, limbs); - - TEST_EQUAL(mbedtls_ecp_mod_p256k1(&X), 0); - TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); - TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 256); - ASSERT_COMPARE(X.p, bytes, res.p, bytes); - -exit: - mbedtls_mpi_free(&X); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&res); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED */ void ecp_mod_p448(char *input_N, char *input_X, From caac83c517effd6dedf29767874708bf751ddc03 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 16 May 2023 17:41:26 +0200 Subject: [PATCH 222/483] Fix comment Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c217c40a80..149697087e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5532,7 +5532,7 @@ cleanup: * Fast quasi-reduction modulo P = 2^s - R, * with R about 33 bits, used by the Koblitz curves. * - * Write N as A0 + 2^224 A1, return A0 + R * A1. + * Write X as A0 + 2^224 A1, return A0 + R * A1. */ #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R From 25418ac73475c350f94ea8adf48da0c48fcfced7 Mon Sep 17 00:00:00 2001 From: valord577 Date: Mon, 31 Oct 2022 15:17:37 +0800 Subject: [PATCH 223/483] Fix: no newline when debug msg over DEBUG_BUF_SIZE Signed-off-by: valord577 --- library/debug.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/debug.c b/library/debug.c index 3969616f4f..a0cad43659 100644 --- a/library/debug.c +++ b/library/debug.c @@ -84,6 +84,10 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, str[ret] = '\n'; str[ret + 1] = '\0'; } + else + { + str[DEBUG_BUF_SIZE - 2] = '\n'; + } debug_send_line(ssl, level, file, line, str); } From 9ecf5f96df4aec225bac216fd77674bf8cdbf71d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 31 Oct 2022 11:11:27 +0000 Subject: [PATCH 224/483] Update library/debug.c Fix trailing white-space Signed-off-by: Dave Rodgman --- library/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/debug.c b/library/debug.c index a0cad43659..5c8d573dc6 100644 --- a/library/debug.c +++ b/library/debug.c @@ -84,7 +84,7 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, str[ret] = '\n'; str[ret + 1] = '\0'; } - else + else { str[DEBUG_BUF_SIZE - 2] = '\n'; } From 24da0cd0f93a6b9e6bad8f4060eb6e7eb0ab7096 Mon Sep 17 00:00:00 2001 From: valord577 Date: Wed, 15 Feb 2023 19:01:16 +0800 Subject: [PATCH 225/483] send debug msg if contains '\n' Signed-off-by: valord577 --- library/debug.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/library/debug.c b/library/debug.c index 5c8d573dc6..09a1d9efdf 100644 --- a/library/debug.c +++ b/library/debug.c @@ -68,6 +68,7 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, va_list argp; char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int newline = -1; if (NULL == ssl || NULL == ssl->conf || @@ -80,16 +81,26 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); va_end(argp); - if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) { - str[ret] = '\n'; - str[ret + 1] = '\0'; - } - else - { - str[DEBUG_BUF_SIZE - 2] = '\n'; + if (DEBUG_BUF_SIZE >= 2) { + if (ret < 0) { + newline = 0; + } else { + newline = ret; + if (ret >= DEBUG_BUF_SIZE - 1) { + newline = DEBUG_BUF_SIZE - 2; + } + } } - debug_send_line(ssl, level, file, line, str); + /* + * Send if str contains '\n'. + */ + if (newline >= 0) { + str[newline] = '\n'; + str[newline + 1] = '\0'; + + debug_send_line(ssl, level, file, line, str); + } } void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, From 536893c22fb446b220fb11bd4f6b8ffc79377467 Mon Sep 17 00:00:00 2001 From: valord577 Date: Wed, 15 Feb 2023 19:31:39 +0800 Subject: [PATCH 226/483] make code readable and change var name Signed-off-by: valord577 --- library/debug.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/library/debug.c b/library/debug.c index 09a1d9efdf..b146e76c04 100644 --- a/library/debug.c +++ b/library/debug.c @@ -68,7 +68,11 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, va_list argp; char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int newline = -1; + int eol = -1; + +#if defined(static_assert) + static_assert(DEBUG_BUF_SIZE >= 2) +#endif if (NULL == ssl || NULL == ssl->conf || @@ -81,23 +85,21 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); va_end(argp); - if (DEBUG_BUF_SIZE >= 2) { - if (ret < 0) { - newline = 0; - } else { - newline = ret; - if (ret >= DEBUG_BUF_SIZE - 1) { - newline = DEBUG_BUF_SIZE - 2; - } + if (ret < 0) { + eol= 0; + } else { + eol= ret; + if (ret >= DEBUG_BUF_SIZE - 1) { + eol = DEBUG_BUF_SIZE - 2; } } /* * Send if str contains '\n'. */ - if (newline >= 0) { - str[newline] = '\n'; - str[newline + 1] = '\0'; + if (eol >= 0) { + str[eol] = '\n'; + str[eol + 1] = '\0'; debug_send_line(ssl, level, file, line, str); } From 176e92711c46d2f44ba222096790474b421ae233 Mon Sep 17 00:00:00 2001 From: valord577 Date: Wed, 15 Feb 2023 19:45:12 +0800 Subject: [PATCH 227/483] code style Signed-off-by: valord577 --- library/debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/debug.c b/library/debug.c index b146e76c04..0e98548575 100644 --- a/library/debug.c +++ b/library/debug.c @@ -86,9 +86,9 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, va_end(argp); if (ret < 0) { - eol= 0; + eol = 0; } else { - eol= ret; + eol = ret; if (ret >= DEBUG_BUF_SIZE - 1) { eol = DEBUG_BUF_SIZE - 2; } From 5bfcd1c63b2eb23548db502c95e832c3c447c69d Mon Sep 17 00:00:00 2001 From: valord577 Date: Wed, 15 Feb 2023 21:46:47 +0800 Subject: [PATCH 228/483] simplify code Signed-off-by: valord577 --- library/debug.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/library/debug.c b/library/debug.c index 0e98548575..ad56573145 100644 --- a/library/debug.c +++ b/library/debug.c @@ -68,7 +68,6 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, va_list argp; char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int eol = -1; #if defined(static_assert) static_assert(DEBUG_BUF_SIZE >= 2) @@ -86,23 +85,16 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, va_end(argp); if (ret < 0) { - eol = 0; + ret = 0; } else { - eol = ret; if (ret >= DEBUG_BUF_SIZE - 1) { - eol = DEBUG_BUF_SIZE - 2; + ret = DEBUG_BUF_SIZE - 2; } } + str[ret] = '\n'; + str[ret + 1] = '\0'; - /* - * Send if str contains '\n'. - */ - if (eol >= 0) { - str[eol] = '\n'; - str[eol + 1] = '\0'; - - debug_send_line(ssl, level, file, line, str); - } + debug_send_line(ssl, level, file, line, str); } void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, From ed59ea76a6a8b4732d8f0dfd382afd512c41600d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 15 Feb 2023 17:41:28 +0000 Subject: [PATCH 229/483] Document minimum size for DEBUG_BUF_SIZE Signed-off-by: Dave Rodgman --- library/debug.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/debug.c b/library/debug.c index ad56573145..8a5b28758c 100644 --- a/library/debug.c +++ b/library/debug.c @@ -30,6 +30,7 @@ #include #include +/* DEBUG_BUF_SIZE must be at least 2 */ #define DEBUG_BUF_SIZE 512 static int debug_threshold = 0; From 8508e50d3dbb61014a58e594ca46ee3ffb4c42a0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 16 May 2023 16:43:48 +0100 Subject: [PATCH 230/483] Make use of MBEDTLS_STATIC_ASSERT Signed-off-by: Dave Rodgman --- library/debug.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/debug.c b/library/debug.c index 8a5b28758c..e3dfaefb08 100644 --- a/library/debug.c +++ b/library/debug.c @@ -70,9 +70,7 @@ void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(static_assert) - static_assert(DEBUG_BUF_SIZE >= 2) -#endif + MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small"); if (NULL == ssl || NULL == ssl->conf || From 0144b35f7d8b637a7bf29c8d7883622bdab75620 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 2 May 2023 14:02:32 +0100 Subject: [PATCH 231/483] bignum: Updated `mbedtls_mpi_shift_l` to use the core method. Signed-off-by: Minos Galanakis --- library/bignum.c | 32 ++------------------------------ 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 2421c1a3ec..e686a1ba23 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -750,13 +750,9 @@ int mbedtls_mpi_write_binary(const mbedtls_mpi *X, int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, v0, t1; - mbedtls_mpi_uint r0 = 0, r1; + size_t i; MPI_VALIDATE_RET(X != NULL); - v0 = count / (biL); - t1 = count & (biL - 1); - i = mbedtls_mpi_bitlen(X) + count; if (X->n * biL < i) { @@ -765,31 +761,7 @@ int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count) ret = 0; - /* - * shift by count / limb_size - */ - if (v0 > 0) { - for (i = X->n; i > v0; i--) { - X->p[i - 1] = X->p[i - v0 - 1]; - } - - for (; i > 0; i--) { - X->p[i - 1] = 0; - } - } - - /* - * shift by count % limb_size - */ - if (t1 > 0) { - for (i = v0; i < X->n; i++) { - r1 = X->p[i] >> (biL - t1); - X->p[i] <<= t1; - X->p[i] |= r0; - r0 = r1; - } - } - + mbedtls_mpi_core_shift_l(X->p, X->n, count); cleanup: return ret; From 2056d098938d70d6bdf4cefe38e4950a07f41e25 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 2 May 2023 14:53:58 +0100 Subject: [PATCH 232/483] bignum: Updated documentation for `mbedtls_mpi_shift_l()` Signed-off-by: Minos Galanakis --- include/mbedtls/bignum.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 5c2c8431b0..e7f3131740 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -594,6 +594,8 @@ int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, * \brief Perform a left-shift on an MPI: X <<= count * * \param X The MPI to shift. This must point to an initialized MPI. + * The MPI pointed by \p X may be resized to fit + * the resulting number. * \param count The number of bits to shift by. * * \return \c 0 if successful. From 4fa8334bae7a29e4d4b541cf5f0ebf2ac1b6b7d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 1 May 2023 22:30:54 +0100 Subject: [PATCH 233/483] Convert curve 448 to use ecp core functions Signed-off-by: Paul Elliott --- library/ecp_curves.c | 100 ++++++++++++++++++--------- library/ecp_invasive.h | 2 +- tests/suites/test_suite_ecp.function | 2 +- 3 files changed, 71 insertions(+), 33 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index b07753a074..094b25c675 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -4608,7 +4609,7 @@ static int ecp_mod_p255(mbedtls_mpi *); #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi *); +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *, size_t); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static int ecp_mod_p192k1(mbedtls_mpi *); @@ -5455,7 +5456,18 @@ static int ecp_mod_p255(mbedtls_mpi *N) static int ecp_mod_p448(mbedtls_mpi *N) { - return mbedtls_ecp_mod_p448(N); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((448 + biL - 1) / biL); + + /* This is required as some tests and use cases do not pass in a Bignum of + * the correct size, and expect the growth to be done automatically, which + * will no longer happen. */ + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + + ret = mbedtls_ecp_mod_p448(N->p, N->n); + +cleanup: + return ret; } /* @@ -5470,56 +5482,82 @@ static int ecp_mod_p448(mbedtls_mpi *N) * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi *N) +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; - mbedtls_mpi M, Q; - mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (N->n <= P448_WIDTH) { + if (N_limbs <= P448_WIDTH) { return 0; } - /* M = A1 */ - M.s = 1; - M.n = N->n - (P448_WIDTH); - if (M.n > P448_WIDTH) { + size_t M_limbs = N_limbs - (P448_WIDTH); + size_t Q_limbs = M_limbs; + + if (M_limbs > P448_WIDTH) { /* Shouldn't be called with N larger than 2^896! */ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - M.p = Mp; - memset(Mp, 0, sizeof(Mp)); - memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint)); - /* N = A0 */ - for (i = P448_WIDTH; i < N->n; i++) { - N->p[i] = 0; + /* Extra limb for carry below. */ + M_limbs++; + + mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL); + + if (M == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - /* N += A1 */ - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); + /* M = A1 */ + memset(M, 0, (M_limbs * ciL)); + + /* Do not copy into the overflow limb, as this would read past the end of + * N. */ + memcpy(M, N + P448_WIDTH, ((M_limbs - 1) * ciL)); + + /* N = A0 */ + for (i = P448_WIDTH; i < N_limbs; i++) { + N[i] = 0; + } + + /* N += A1 - Carry here dealt with by oversize M and N. */ + (void) mbedtls_mpi_core_add(N, N, M, M_limbs); /* Q = B1, N += B1 */ - Q = M; - Q.p = Qp; - memcpy(Qp, Mp, sizeof(Qp)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q)); + mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); + + if (Q == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + memcpy(Q, M, (Q_limbs * ciL)); + + mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); + + /* No carry here - only max 224 bits */ + (void) mbedtls_mpi_core_add(N, N, Q, Q_limbs); /* M = (B0 + B1) * 2^224, N += M */ if (sizeof(mbedtls_mpi_uint) > 4) { - Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); + M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); } - for (i = P224_WIDTH_MAX; i < M.n; ++i) { - Mp[i] = 0; + for (i = P224_WIDTH_MAX; i < M_limbs; ++i) { + M[i] = 0; } - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q)); - M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224)); - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); + + (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs); + + /* Shifted carry bit from the addition is dealt with by oversize M */ + mbedtls_mpi_core_shift_l(M, M_limbs, 224); + (void) mbedtls_mpi_core_add(N, N, M, M_limbs); + + ret = 0; cleanup: + mbedtls_free(M); + mbedtls_free(Q); + return ret; } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 68187acbc8..4cf4f6e4b4 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -196,7 +196,7 @@ int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N); #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi *N); +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs); #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f034d6fc81..95aaef2a37 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1499,7 +1499,7 @@ void ecp_mod_p448(char *input_N, TEST_LE_U(X.n, 2 * limbs); TEST_EQUAL(res.n, limbs); - TEST_EQUAL(mbedtls_ecp_mod_p448(&X), 0); + TEST_EQUAL(mbedtls_ecp_mod_p448(X.p, X.n), 0); TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0); TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448); ASSERT_COMPARE(X.p, bytes, res.p, bytes); From 34b08e5005a41d2066707f9dc31f85e6caea772c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 16 May 2023 15:28:30 +0100 Subject: [PATCH 234/483] Convert over to using X, X_limbs Signed-off-by: Paul Elliott --- library/ecp_curves.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 094b25c675..6c588f713a 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5482,16 +5482,16 @@ cleanup: * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs) +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) { size_t i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (N_limbs <= P448_WIDTH) { + if (X_limbs <= P448_WIDTH) { return 0; } - size_t M_limbs = N_limbs - (P448_WIDTH); + size_t M_limbs = X_limbs - (P448_WIDTH); size_t Q_limbs = M_limbs; if (M_limbs > P448_WIDTH) { @@ -5513,15 +5513,15 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs) /* Do not copy into the overflow limb, as this would read past the end of * N. */ - memcpy(M, N + P448_WIDTH, ((M_limbs - 1) * ciL)); + memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); /* N = A0 */ - for (i = P448_WIDTH; i < N_limbs; i++) { - N[i] = 0; + for (i = P448_WIDTH; i < X_limbs; i++) { + X[i] = 0; } /* N += A1 - Carry here dealt with by oversize M and N. */ - (void) mbedtls_mpi_core_add(N, N, M, M_limbs); + (void) mbedtls_mpi_core_add(X, X, M, M_limbs); /* Q = B1, N += B1 */ mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); @@ -5536,7 +5536,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs) mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); /* No carry here - only max 224 bits */ - (void) mbedtls_mpi_core_add(N, N, Q, Q_limbs); + (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); /* M = (B0 + B1) * 2^224, N += M */ if (sizeof(mbedtls_mpi_uint) > 4) { @@ -5550,7 +5550,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs) /* Shifted carry bit from the addition is dealt with by oversize M */ mbedtls_mpi_core_shift_l(M, M_limbs, 224); - (void) mbedtls_mpi_core_add(N, N, M, M_limbs); + (void) mbedtls_mpi_core_add(X, X, M, M_limbs); ret = 0; From 235c1947fb668a58646f13ddd3e0efdecb35a527 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 16 May 2023 15:51:23 +0100 Subject: [PATCH 235/483] Group memory allocations earlier Signed-off-by: Paul Elliott --- library/ecp_curves.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6c588f713a..2bbec41e24 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5508,6 +5508,13 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) return MBEDTLS_ERR_ECP_ALLOC_FAILED; } + mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); + + if (Q == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + /* M = A1 */ memset(M, 0, (M_limbs * ciL)); @@ -5524,13 +5531,6 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) (void) mbedtls_mpi_core_add(X, X, M, M_limbs); /* Q = B1, N += B1 */ - mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL); - - if (Q == NULL) { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; - } - memcpy(Q, M, (Q_limbs * ciL)); mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); From 6b1f7f101fdb5ed1fb61ae9771c5808df1e91076 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 16 May 2023 15:59:56 +0100 Subject: [PATCH 236/483] Use const where appropriate Signed-off-by: Paul Elliott --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2bbec41e24..c4ae8f9e35 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5492,7 +5492,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) } size_t M_limbs = X_limbs - (P448_WIDTH); - size_t Q_limbs = M_limbs; + const size_t Q_limbs = M_limbs; if (M_limbs > P448_WIDTH) { /* Shouldn't be called with N larger than 2^896! */ From 6397673cb8d06cf94160b9ec5444b951b5f736de Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 17 May 2023 12:41:25 +0800 Subject: [PATCH 237/483] build_info.h: change location of including config_psa.h In build_info.h, some macros are defined based on PSA_WANT_XXX symbol. This commit tweaks the location of including config_psa.h so that macros in build_info.h could imply config options correctly. Signed-off-by: Yanray Wang --- include/mbedtls/build_info.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index ba5844fc63..d271049857 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -87,6 +87,12 @@ #define MBEDTLS_MD_C #endif +/* PSA crypto specific configuration options */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ + defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ +#include "mbedtls/config_psa.h" +#endif + /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ @@ -185,11 +191,6 @@ /* Make sure all configuration symbols are set before including check_config.h, * even the ones that are calculated programmatically. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ - defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ -#include "mbedtls/config_psa.h" -#endif - #include "mbedtls/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */ From da97ad9f14c0c3652be294aa9c52cb1122598626 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 13:29:56 +0200 Subject: [PATCH 238/483] Use valid MD5 dependency for test Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 46fa1e8f39..19bf51aed7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -3317,5 +3317,5 @@ x509_crt_parse_authoritykeyid:"308203873082026fa003020102020100300d06092a864886f # clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer X509 CRT parse Authority Key Id - Wrong Issuer sequence -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C x509_crt_parse_authoritykeyid:"308201883082016FA0030201020209202020202020202020300D06092A864886F70D010104050030233110300E0603202020130720202020202020310F300D06032020201306202020202020301E170D3131303530383230353934385A170D3134303530373230353934385A30233110300E0603202020130720202020202020310F300D06032020201306202020202020305C300D06092A864886F70D0101010500034B003048024120202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020FF02032020FFA38185308182301D060320202004162020202020202020202020202020202020202020202030530603551D23044C304A80142020202020202020202020202020202020202020A12AA42530233110300E0603202020130720202020202020310F300D0603202020130620202020202082002020202020202020202020202020202020202020202020202020202020202020202020202020202020202020":0:"":0:MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA From 5e25f80d8a51da4e843161238b288e057447371b Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 21 Apr 2023 09:45:16 +0000 Subject: [PATCH 239/483] Add ecp test function for mont mul and inv Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 67 ++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f034d6fc81..6369fed730 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1550,3 +1550,70 @@ exit: mbedtls_free(p); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) +{ + int ret; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init(&m); + mbedtls_mpi_mod_residue A = { NULL, 0 }; + mbedtls_mpi_mod_residue A_inverse = { NULL, 0 }; + mbedtls_mpi_mod_residue rX = { NULL, 0 }; + mbedtls_mpi_uint *rX_raw = NULL; + mbedtls_mpi_uint *p_inverse = NULL; + mbedtls_mpi_uint *p = NULL; + mbedtls_mpi_uint *bufx = NULL; + mbedtls_mpi_uint Result = 1; + size_t p_limbs; + + ret = mbedtls_ecp_modulus_setup(&m, id, ctype); + TEST_EQUAL(ret, iret); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &p_limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, p_limbs)); + + if (ret == 0) { + + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, p_limbs); + + /* Test for validity of moduli by the presence of Montgomery consts */ + + TEST_ASSERT(m.rep.mont.mm != 0); + TEST_ASSERT(m.rep.mont.rr != NULL); + + size_t limbs = m.limbs; + + ASSERT_ALLOC(p_inverse, limbs); + + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); + + ASSERT_ALLOC(rX_raw, limbs); + + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + + TEST_EQUAL(0, mbedtls_mpi_mod_inv(&A_inverse, &A, &m)); + + TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); + + ASSERT_ALLOC(bufx, limbs); + TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *)bufx, p_limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + + TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); + + /* Test for user free-ing allocated memory */ + mbedtls_mpi_mod_modulus_free(&m); + } + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&A); + mbedtls_mpi_mod_residue_release(&A_inverse); + mbedtls_mpi_mod_residue_release(&rX); + mbedtls_free(p); + mbedtls_free(p_inverse); + mbedtls_free(rX_raw); + mbedtls_free(bufx); +} +/* END_CASE */ From 3d0c2be8c23c269ea4c53f206ac2f260d23736ce Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 26 Apr 2023 10:13:30 +0000 Subject: [PATCH 240/483] Add ecp test cases for mont mul and inv after named moduli setup Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 192 +++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1f6dfc11d4..b4e2911496 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1026,3 +1026,195 @@ ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_C ecp_setup_negative_test #28 Invalid Curve Type depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_NONE:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +ecp_mul_inv #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_mul_inv:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_mul_inv:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_mul_inv:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"da56a9378515b3997acc6f139bbdf25b176999463444b117fc530a57":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"ce6ed97636b37dd78af2979caf0cbe9a552297a80c8a16282dfe1327":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"10a17b4610fbc12ad3370d475ee7b5425c9cee3ebd03bcab89fec50c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 From 8ca64374b1444119cde881c6629a6920a71103c0 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 26 Apr 2023 10:56:22 +0000 Subject: [PATCH 241/483] Tidy up ecp mul_inv_test code Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 6369fed730..80e3415837 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1565,41 +1565,40 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) mbedtls_mpi_uint *p = NULL; mbedtls_mpi_uint *bufx = NULL; mbedtls_mpi_uint Result = 1; - size_t p_limbs; ret = mbedtls_ecp_modulus_setup(&m, id, ctype); TEST_EQUAL(ret, iret); - TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &p_limbs, input_A), 0); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, p_limbs)); - if (ret == 0) { + size_t limbs; + + TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, limbs)); + /* Test for limb sizes */ - TEST_EQUAL(m.limbs, p_limbs); + TEST_EQUAL(m.limbs, limbs); /* Test for validity of moduli by the presence of Montgomery consts */ TEST_ASSERT(m.rep.mont.mm != 0); TEST_ASSERT(m.rep.mont.rr != NULL); - size_t limbs = m.limbs; - ASSERT_ALLOC(p_inverse, limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); ASSERT_ALLOC(rX_raw, limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + /* Get inverse of A mode m, and multiply it with itself, + * to see whether the result equal to '1' */ TEST_EQUAL(0, mbedtls_mpi_mod_inv(&A_inverse, &A, &m)); - TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); ASSERT_ALLOC(bufx, limbs); - TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *)bufx, p_limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - + TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *)bufx, + limbs * sizeof(mbedtls_mpi_uint), + MBEDTLS_MPI_MOD_EXT_REP_LE), 0); TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); /* Test for user free-ing allocated memory */ From e4dc798b594ae151da4bf3df309eeec0c1d29d19 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 27 Apr 2023 13:19:05 +0000 Subject: [PATCH 242/483] Change coding styles of white space Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 80e3415837..5ba6922d43 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1596,7 +1596,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); ASSERT_ALLOC(bufx, limbs); - TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *)bufx, + TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); From d244c83dfe94832d4e2e48be4d078a45a65b7fb7 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 27 Apr 2023 13:37:09 +0000 Subject: [PATCH 243/483] Update ecp mul_inv test cases Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index b4e2911496..189d477f54 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1185,15 +1185,15 @@ ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_D ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"da56a9378515b3997acc6f139bbdf25b176999463444b117fc530a57":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"534a7b77a3ec2d7a8b5771db248ff31da25e928223b638bf9bb8d98b":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"ce6ed97636b37dd78af2979caf0cbe9a552297a80c8a16282dfe1327":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"7052d48ceac001ee65a340c8cdd659232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"10a17b4610fbc12ad3370d475ee7b5425c9cee3ebd03bcab89fec50c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"417c288d9346e2128fe8a6a8bc4691de07804023f086c0fba616164f":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED From 86cb08ba27d1643c404cf699e78a13a121484ce0 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 28 Apr 2023 10:59:30 +0000 Subject: [PATCH 244/483] Add comments about how the mod_inv data is generated Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 189d477f54..14099d13ce 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1027,6 +1027,8 @@ ecp_setup_negative_test #28 Invalid Curve Type depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_NONE:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA +# The following data be generated by random.getrandbits() in python must less than the named curves' modulus. +# mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements. ecp_mul_inv #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 From b7f99502346c19c8c277082161b0d180bfa1bbe6 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 4 May 2023 07:07:49 +0000 Subject: [PATCH 245/483] Increase bit size to 225 for SECP224K1 test cases Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 14099d13ce..761d60f6b4 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1187,15 +1187,15 @@ ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_D ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"534a7b77a3ec2d7a8b5771db248ff31da25e928223b638bf9bb8d98b":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"7052d48ceac001ee65a340c8cdd659232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"417c288d9346e2128fe8a6a8bc4691de07804023f086c0fba616164f":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED From 424da8aa36a7401ec8939a32fc15dec3037a0b81 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 11 May 2023 03:28:16 +0000 Subject: [PATCH 246/483] Revert to 224bit random data no need leading bit "1" Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 761d60f6b4..64967d5acf 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1187,15 +1187,15 @@ ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_D ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED From 5b6bedfaf341c28a4db99dcc616b1b4f96de3c87 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 16 May 2023 07:03:57 +0000 Subject: [PATCH 247/483] Add comments to the data file for the cureve secp224k1 Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 64967d5acf..77e55749d4 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1185,6 +1185,8 @@ ecp_mul_inv #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +# Public values of secp224K1 have 225 bits, if we randomly generate only 224 bits, we should add the leading '0' +# to make the limbs match with each other and make the function mbedtls_mpi_mod_residue_setup() happy. ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 From d3e86a170a8b9ab011aac56d94c715420f6972bb Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 03:07:10 +0000 Subject: [PATCH 248/483] Add back 255 bit test data for SECP224K1 test cases Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 77e55749d4..30ecc6593b 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1191,14 +1191,26 @@ ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mul_inv #40.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mul_inv #41.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mul_inv #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 From 631f63d29d8c7fe314a47e470a41d168246bd5f2 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 06:13:02 +0000 Subject: [PATCH 249/483] Remove modulus double free Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 5ba6922d43..56bc1790ca 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1601,8 +1601,6 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) MBEDTLS_MPI_MOD_EXT_REP_LE), 0); TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); - /* Test for user free-ing allocated memory */ - mbedtls_mpi_mod_modulus_free(&m); } exit: From afdea64b504a5b75ff9950ca14bea6947fd6d29a Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 06:14:01 +0000 Subject: [PATCH 250/483] Remove the useless modulus validaty Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 56bc1790ca..52d08c0fc1 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1579,11 +1579,6 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - /* Test for validity of moduli by the presence of Montgomery consts */ - - TEST_ASSERT(m.rep.mont.mm != 0); - TEST_ASSERT(m.rep.mont.rr != NULL); - ASSERT_ALLOC(p_inverse, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); From 78b93b1902220e478b0c1304a7168b78217d6fb2 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 06:41:21 +0000 Subject: [PATCH 251/483] Refine error check for mbedtls_ecp_modulus_setup Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 44 +++++++++++++--------------- 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 52d08c0fc1..af438ebf7e 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1554,7 +1554,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) { - int ret; + size_t limbs; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_modulus_init(&m); mbedtls_mpi_mod_residue A = { NULL, 0 }; @@ -1566,37 +1566,33 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) mbedtls_mpi_uint *bufx = NULL; mbedtls_mpi_uint Result = 1; - ret = mbedtls_ecp_modulus_setup(&m, id, ctype); - TEST_EQUAL(ret, iret); + ((void) iret); - if (ret == 0) { + TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); - size_t limbs; + TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, limbs)); - TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &limbs, input_A), 0); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, limbs)); + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, limbs); - /* Test for limb sizes */ - TEST_EQUAL(m.limbs, limbs); + ASSERT_ALLOC(p_inverse, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); - ASSERT_ALLOC(p_inverse, limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); + ASSERT_ALLOC(rX_raw, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); - ASSERT_ALLOC(rX_raw, limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + /* Get inverse of A mode m, and multiply it with itself, + * to see whether the result equal to '1' */ + TEST_EQUAL(0, mbedtls_mpi_mod_inv(&A_inverse, &A, &m)); + TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); - /* Get inverse of A mode m, and multiply it with itself, - * to see whether the result equal to '1' */ - TEST_EQUAL(0, mbedtls_mpi_mod_inv(&A_inverse, &A, &m)); - TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); + ASSERT_ALLOC(bufx, limbs); + TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, + limbs * sizeof(mbedtls_mpi_uint), + MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); - ASSERT_ALLOC(bufx, limbs); - TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, - limbs * sizeof(mbedtls_mpi_uint), - MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); - - } exit: mbedtls_mpi_mod_modulus_free(&m); From 1ae7ca435b5d069c9e0dc5c1122ff097c7bc76db Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 09:09:40 +0000 Subject: [PATCH 252/483] Re-order the variable orders and rename them Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 37 ++++++++++++++-------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index af438ebf7e..1a6302fbfa 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1556,51 +1556,52 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) { size_t limbs; mbedtls_mpi_mod_modulus m; - mbedtls_mpi_mod_modulus_init(&m); - mbedtls_mpi_mod_residue A = { NULL, 0 }; - mbedtls_mpi_mod_residue A_inverse = { NULL, 0 }; - mbedtls_mpi_mod_residue rX = { NULL, 0 }; + mbedtls_mpi_mod_residue rA; // For input + mbedtls_mpi_mod_residue rA_inverse; // For inverse input + mbedtls_mpi_mod_residue rX; // For result mbedtls_mpi_uint *rX_raw = NULL; - mbedtls_mpi_uint *p_inverse = NULL; - mbedtls_mpi_uint *p = NULL; + mbedtls_mpi_uint *A_inverse = NULL; + mbedtls_mpi_uint *A = NULL; mbedtls_mpi_uint *bufx = NULL; - mbedtls_mpi_uint Result = 1; + const mbedtls_mpi_uint one = 1; ((void) iret); + mbedtls_mpi_mod_modulus_init(&m); + TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); - TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &limbs, input_A), 0); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A, &m, p, limbs)); + TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs)); /* Test for limb sizes */ TEST_EQUAL(m.limbs, limbs); - ASSERT_ALLOC(p_inverse, limbs); - TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&A_inverse, &m, p_inverse, limbs)); + ASSERT_ALLOC(A_inverse, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs)); ASSERT_ALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); /* Get inverse of A mode m, and multiply it with itself, * to see whether the result equal to '1' */ - TEST_EQUAL(0, mbedtls_mpi_mod_inv(&A_inverse, &A, &m)); - TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &A, &A_inverse, &m), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m)); + TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0); ASSERT_ALLOC(bufx, limbs); TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - TEST_EQUAL(memcmp(bufx, &Result, sizeof(mbedtls_mpi_uint)), 0); + TEST_EQUAL(memcmp(bufx, &one, sizeof(mbedtls_mpi_uint)), 0); exit: mbedtls_mpi_mod_modulus_free(&m); - mbedtls_mpi_mod_residue_release(&A); - mbedtls_mpi_mod_residue_release(&A_inverse); + mbedtls_mpi_mod_residue_release(&rA); + mbedtls_mpi_mod_residue_release(&rA_inverse); mbedtls_mpi_mod_residue_release(&rX); - mbedtls_free(p); - mbedtls_free(p_inverse); + mbedtls_free(A); + mbedtls_free(A_inverse); mbedtls_free(rX_raw); mbedtls_free(bufx); } From c81272461ef9518d64659df578aa69a2e719d8f9 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 09:20:34 +0000 Subject: [PATCH 253/483] Check all of the limbs of result Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 1a6302fbfa..3b01e4d12b 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1563,7 +1563,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) mbedtls_mpi_uint *A_inverse = NULL; mbedtls_mpi_uint *A = NULL; mbedtls_mpi_uint *bufx = NULL; - const mbedtls_mpi_uint one = 1; + const mbedtls_mpi_uint one[2] = {1, 0}; ((void) iret); @@ -1592,7 +1592,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - TEST_EQUAL(memcmp(bufx, &one, sizeof(mbedtls_mpi_uint)), 0); + TEST_EQUAL(memcmp(bufx, one, sizeof(one)), 0); exit: From 11dd5c0b368048a91cac8126240c0aa34e7436e5 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 09:34:15 +0000 Subject: [PATCH 254/483] Compare final result with ASSERT_COMPARE Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 3b01e4d12b..bc2cd750ec 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1592,7 +1592,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, limbs * sizeof(mbedtls_mpi_uint), MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - TEST_EQUAL(memcmp(bufx, one, sizeof(one)), 0); + ASSERT_COMPARE(bufx, 2, one, 2); exit: From 419a55e9292ee3200905a6f5bd6366e6a86e7284 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 17 May 2023 18:22:00 +0800 Subject: [PATCH 255/483] build_info.h: rewrite comment for inclusion of config_psa.h Signed-off-by: Yanray Wang --- include/mbedtls/build_info.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index d271049857..1acf47759b 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -87,7 +87,13 @@ #define MBEDTLS_MD_C #endif -/* PSA crypto specific configuration options */ +/* PSA crypto specific configuration options + * - If config_psa.h reads a configuration option in preprocessor directive, + * this symbol should be consulted before its inclusion. (e.g. MBEDTLS_MD_C) + * - If config_psa.h writes a configuration option in conditional directive, + * this symbol should be consulted after its inclusion. + * (e.g. MBEDTLS_MD_LIGHT) + */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ #include "mbedtls/config_psa.h" From 4ac9d44d8381aa73e421a44adb7d14bbc6519e5a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 12:32:13 +0200 Subject: [PATCH 256/483] pk: fix typos in description of mbedtls_pk_ec_[ro/rw] Signed-off-by: Valerio Setti --- library/pk_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 7c4f285719..402cb65353 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -30,11 +30,11 @@ #if defined(MBEDTLS_ECP_LIGHT) /** * Public function mbedtls_pk_ec() can be used to get direct access to the - * wrapped ecp_keypair strucure pointed to the pk_ctx. However this is not - * ideal because it bypasses the PK module on the control of its internal's + * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not + * ideal because it bypasses the PK module on the control of its internal * structure (pk_context) fields. * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but - * we provide 2 very similar function when only ECP_LIGHT is enabled and not + * we provide 2 very similar functions when only ECP_LIGHT is enabled and not * ECP_C. * These variants embed the "ro" or "rw" keywords in their name to make the * usage of the returned pointer explicit. Of course the returned value is From c05f51ded9c0a2d3500a3cc3922befc52c0c013b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 16 May 2023 17:55:44 +0100 Subject: [PATCH 257/483] Convert comments over to X rather than N Signed-off-by: Paul Elliott --- library/ecp_curves.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c4ae8f9e35..d34eea2f92 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5472,14 +5472,14 @@ cleanup: /* * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1 - * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return - * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference - * implementation of Curve448, which uses its own special 56-bit limbs rather - * than a generic bignum library. We could squeeze some extra speed out on - * 32-bit machines by splitting N up into 32-bit limbs and doing the - * arithmetic using the limbs directly as we do for the NIST primes above, - * but for 64-bit targets it should use half the number of operations if we do - * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. + * Write X as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return A0 + A1 + B1 + + * (B0 + B1) * 2^224. This is different to the reference implementation of + * Curve448, which uses its own special 56-bit limbs rather than a generic + * bignum library. We could squeeze some extra speed out on 32-bit machines by + * splitting N up into 32-bit limbs and doing the arithmetic using the limbs + * directly as we do for the NIST primes above, but for 64-bit targets it should + * use half the number of operations if we do the reduction with 224-bit limbs, + * since mpi_add_mpi will then use 64-bit adds. */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) @@ -5495,7 +5495,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) const size_t Q_limbs = M_limbs; if (M_limbs > P448_WIDTH) { - /* Shouldn't be called with N larger than 2^896! */ + /* Shouldn't be called with X larger than 2^896! */ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } @@ -5519,7 +5519,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) memset(M, 0, (M_limbs * ciL)); /* Do not copy into the overflow limb, as this would read past the end of - * N. */ + * X. */ memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); /* N = A0 */ @@ -5527,10 +5527,10 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) X[i] = 0; } - /* N += A1 - Carry here dealt with by oversize M and N. */ + /* X += A1 - Carry here dealt with by oversize M and X. */ (void) mbedtls_mpi_core_add(X, X, M, M_limbs); - /* Q = B1, N += B1 */ + /* Q = B1, X += B1 */ memcpy(Q, M, (Q_limbs * ciL)); mbedtls_mpi_core_shift_r(Q, Q_limbs, 224); From 722f8f7472c3a7dd8bbc593041fb7a584dc37eb4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:31:21 +0200 Subject: [PATCH 258/483] pk: adding a new field to store the public key in raw format Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 53 ++++++++++++++++++++++++++++++++++++++++---- library/pk.c | 6 +++++ 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ec2a2513ec..9b2cab8fbf 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -202,6 +202,21 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif +/* Helper to define which fields in the pk_context structure below should be + * used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format. + * It should be noticed that this only affect how data is stored, not which + * functions are used for various operations. The overall picture looks like + * this: + * - if ECP_C is defined then use legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */ @@ -232,19 +247,49 @@ typedef struct mbedtls_pk_debug_item { */ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; +#define MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) /** * \brief Public key container - * - * \note The priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not - * by MBEDTLS_USE_PSA_CRYPTO because it can be used also - * in mbedtls_pk_sign_ext for RSA keys. */ typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ + /* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is + * used to store the ID of the opaque key. Differently from the raw public + * key management below, in this case there is no counterpart in the pk_ctx + * field to work in parallel with. + * This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by + * MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext + * for RSA keys. */ #if defined(MBEDTLS_PSA_CRYPTO_C) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ #endif /* MBEDTLS_PSA_CRYPTO_C */ + /* The following fields are meant for storing the public key in raw format + * which is handy for: + * - easily importing it into the PSA context + * - reducing the ECP module dependencies in the PK one. + * + * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled: + * - the pk_ctx above is not used anymore for storing the public key + * inside the ecp_keypair structure (only the private part, but also this + * one is going to change in the future) + * - the following fields are used for all public key operations: signature + * verify, key pair check and key write. + * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy + * ecp_keypair structure is used for storing the public key and perform + * all the operations. + * + * Note: This new public key storing solution only works for EC keys, not + * other ones. The latters is still use pk_ctx to store their own + * context. + */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + uint8_t MBEDTLS_PRIVATE(pub_raw)[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; /**< Raw public key */ + size_t MBEDTLS_PRIVATE(pub_raw_len); /**< Valid bytes in "pub_raw" */ + psa_ecc_family_t MBEDTLS_PRIVATE(ec_family); /**< EC family of pk */ + size_t MBEDTLS_PRIVATE(ec_bits); /**< Curve's bits of pk */ +#endif /* MBEDTLS_PK_USE_PSA_EC_PUB_KEY */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/pk.c b/library/pk.c index 7e772829aa..7a047df3fd 100644 --- a/library/pk.c +++ b/library/pk.c @@ -64,6 +64,12 @@ void mbedtls_pk_init(mbedtls_pk_context *ctx) #if defined(MBEDTLS_PSA_CRYPTO_C) ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT; #endif /* MBEDTLS_PSA_CRYPTO_C */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw)); + ctx->pub_raw_len = 0; + ctx->ec_family = 0; + ctx->ec_bits = 0; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } /* From 4064dbbdb2cd5171b0678f7e6e356d573b8a138c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:33:07 +0200 Subject: [PATCH 259/483] pk: update pkparse and pkwrite to use the new public key storing solution Signed-off-by: Valerio Setti --- library/pk_internal.h | 20 ++++ library/pkparse.c | 212 +++++++++++++++++++++++++++++++++--------- library/pkwrite.c | 35 ++++--- library/pkwrite.h | 28 +----- 4 files changed, 215 insertions(+), 80 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 402cb65353..09f3d85249 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -63,6 +63,26 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) return NULL; } } + +/* Helpers for Montgomery curves */ +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +#define MBEDTLS_PK_HAVE_RFC8410_CURVES + +static inline int mbedtls_pk_is_rfc8410_curve(mbedtls_ecp_group_id id) +{ +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE25519) { + return 1; + } +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE448) { + return 1; + } +#endif + return 0; +} +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_LIGHT */ #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/library/pkparse.c b/library/pkparse.c index 87b707dc88..d47b099493 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -37,6 +37,9 @@ #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) #include "pkwrite.h" #endif +#if defined(MBEDTLS_ECP_LIGHT) +#include "pk_internal.h" +#endif #if defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdsa.h" #endif @@ -455,6 +458,29 @@ cleanup: } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +/* Functions pk_use_ecparams() and pk_use_ecparams_rfc8410() update the + * ecp_keypair structure with proper group ID. The purpose of this helper + * function is to update ec_family and ec_bits accordingly. */ +static int pk_update_psa_ecparams(mbedtls_pk_context *pk, + mbedtls_ecp_group_id grp_id) +{ + psa_ecc_family_t ec_family; + size_t bits; + + ec_family = mbedtls_ecc_group_to_psa(grp_id, &bits); + + if ((pk->ec_family != 0) && (pk->ec_family != ec_family)) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + pk->ec_family = ec_family; + pk->ec_bits = bits; + + return 0; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + /* * Use EC parameters to initialise an EC group * @@ -463,7 +489,7 @@ cleanup: * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } * -- implicitCurve NULL */ -static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) +static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; @@ -482,39 +508,41 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *gr #endif } - /* - * grp may already be initialized; if so, make sure IDs match - */ - if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) { + /* grp may already be initialized; if so, make sure IDs match */ + if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && + mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } - if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) { + if ((ret = mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(*pk)->grp), + grp_id)) != 0) { return ret; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - return 0; + return ret; } -#if defined(MBEDTLS_ECP_LIGHT) /* * Helper function for deriving a public key from its private counterpart. */ -static int pk_derive_public_key(mbedtls_ecp_keypair *eck, +static int pk_derive_public_key(mbedtls_pk_context *pk, const unsigned char *d, size_t d_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status, destruction_status; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); - /* This buffer is used to store the private key at first and then the - * public one (but not at the same time). Therefore we size it for the - * latter since it's bigger. */ +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t key_len; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; (void) f_rng; @@ -529,9 +557,12 @@ static int pk_derive_public_key(mbedtls_ecp_keypair *eck, return ret; } - mbedtls_platform_zeroize(key_buf, sizeof(key_buf)); - +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), + &pk->pub_raw_len); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = psa_pk_status_to_mbedtls(status); destruction_status = psa_destroy_key(key_id); if (ret != 0) { @@ -539,8 +570,9 @@ static int pk_derive_public_key(mbedtls_ecp_keypair *eck, } else if (destruction_status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(destruction_status); } - +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_USE_PSA_CRYPTO */ (void) d; (void) d_len; @@ -557,13 +589,24 @@ static int pk_derive_public_key(mbedtls_ecp_keypair *eck, */ static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params, mbedtls_ecp_group_id grp_id, - mbedtls_ecp_group *grp) + mbedtls_pk_context *pk) { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); + int ret; + if (params->tag != 0 || params->len != 0) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } - return mbedtls_ecp_group_load(grp, grp_id); + ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id); + if (ret != 0) { + return ret; + } + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + return ret; } /* @@ -571,10 +614,11 @@ static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params, * * CurvePrivateKey ::= OCTET STRING */ -static int pk_parse_key_rfc8410_der(mbedtls_ecp_keypair *eck, +static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, unsigned char *key, size_t keylen, const unsigned char *end, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -591,10 +635,10 @@ static int pk_parse_key_rfc8410_der(mbedtls_ecp_keypair *eck, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } - // pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, - // which never contain a public key. As such, derive the public key - // unconditionally. - if ((ret = pk_derive_public_key(eck, key, len, f_rng, p_rng)) != 0) { + /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, + * which never contain a public key. As such, derive the public key + * unconditionally. */ + if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } @@ -607,7 +651,42 @@ static int pk_parse_key_rfc8410_der(mbedtls_ecp_keypair *eck, return 0; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +/* + * Create a temporary ecp_keypair for converting an EC point in compressed + * format to an uncompressed one + */ +static int pk_convert_compressed_ec(mbedtls_pk_context *pk, + const unsigned char *in_start, size_t in_len, + size_t *out_buf_len, unsigned char *out_buf, + size_t out_buf_size) +{ + mbedtls_ecp_keypair ecp_key; + mbedtls_ecp_group_id ecp_group_id; + int ret; + + ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + + mbedtls_ecp_keypair_init(&ecp_key); + ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); + if (ret != 0) { + return ret; + } + ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q, + in_start, in_len); + if (ret != 0) { + goto exit; + } + ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + out_buf_len, out_buf, out_buf_size); + +exit: + mbedtls_ecp_keypair_free(&ecp_key); + return ret; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * EC public key is an EC point @@ -617,15 +696,61 @@ static int pk_parse_key_rfc8410_der(mbedtls_ecp_keypair *eck, * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. */ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, - mbedtls_ecp_keypair *key) + mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q, - (const unsigned char *) *p, end - *p)) == 0) { - ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_svc_key_id_t key; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + size_t len = (end - *p); + + if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } + /* Compressed point format are not supported yet by PSA crypto. As a + * consequence ecp functions are used to "convert" the point to + * uncompressed format */ + if ((**p == 0x02) || (**p == 0x03)) { + ret = pk_convert_compressed_ec(pk, *p, len, + &(pk->pub_raw_len), pk->pub_raw, + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); + if (ret != 0) { + return ret; + } + } else { + /* Uncompressed format */ + if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + memcpy(pk->pub_raw, *p, (end - *p)); + pk->pub_raw_len = end - *p; + } + + /* Validate the key by trying to importing it */ + psa_set_key_usage_flags(&key_attrs, 0); + psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY); + psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); + psa_set_key_bits(&key_attrs, pk->ec_bits); + + if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, + &key) != PSA_SUCCESS) || + (psa_destroy_key(key) != PSA_SUCCESS)) { + mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); + pk->pub_raw_len = 0; + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + ret = 0; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; + if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, + (const unsigned char *) *p, + end - *p)) == 0) { + ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + /* * We know mbedtls_ecp_point_read_binary consumed all bytes or failed */ @@ -796,14 +921,14 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { - ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, &mbedtls_pk_ec_rw(*pk)->grp); + ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); } else #endif { - ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec_rw(*pk)->grp); + ret = pk_use_ecparams(&alg_params, pk); } if (ret == 0) { - ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec_rw(*pk)); + ret = pk_get_ecpubkey(p, end, pk); } } else #endif /* MBEDTLS_ECP_LIGHT */ @@ -1014,7 +1139,7 @@ cleanup: /* * Parse a SEC1 encoded private EC key */ -static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, +static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, const unsigned char *key, size_t keylen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { @@ -1026,6 +1151,7 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, unsigned char *d; unsigned char *end = p + keylen; unsigned char *end2; + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); /* * RFC 5915, or SEC1 Appendix C.4 @@ -1074,7 +1200,7 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) == 0) { if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || - (ret = pk_use_ecparams(¶ms, &eck->grp)) != 0) { + (ret = pk_use_ecparams(¶ms, pk)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } @@ -1103,7 +1229,7 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) { + if ((ret = pk_get_ecpubkey(&p, end2, pk)) == 0) { pubkey_done = 1; } else { /* @@ -1121,7 +1247,7 @@ static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, } if (!pubkey_done) { - if ((ret = pk_derive_public_key(eck, d, d_len, f_rng, p_rng)) != 0) { + if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } @@ -1232,10 +1358,10 @@ static int pk_parse_key_pkcs8_unencrypted_der( if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { - if ((ret = pk_use_ecparams_rfc8410(¶ms, ec_grp_id, - &mbedtls_pk_ec_rw(*pk)->grp)) != 0 || + if ((ret = + pk_use_ecparams_rfc8410(¶ms, ec_grp_id, pk)) != 0 || (ret = - pk_parse_key_rfc8410_der(mbedtls_pk_ec_rw(*pk), p, len, end, f_rng, + pk_parse_key_rfc8410_der(pk, p, len, end, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); return ret; @@ -1243,8 +1369,8 @@ static int pk_parse_key_pkcs8_unencrypted_der( } else #endif { - if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec_rw(*pk)->grp)) != 0 || - (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), p, len, f_rng, p_rng)) != 0) { + if ((ret = pk_use_ecparams(¶ms, pk)) != 0 || + (ret = pk_parse_key_sec1_der(pk, p, len, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); return ret; } @@ -1431,7 +1557,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || - (ret = pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), + (ret = pk_parse_key_sec1_der(pk, pem.buf, pem.buflen, f_rng, p_rng)) != 0) { mbedtls_pk_free(pk); @@ -1555,18 +1681,18 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, #if defined(MBEDTLS_ECP_LIGHT) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && - pk_parse_key_sec1_der(mbedtls_pk_ec_rw(*pk), + pk_parse_key_sec1_der(pk, key, keylen, f_rng, p_rng) == 0) { return 0; } mbedtls_pk_free(pk); #endif /* MBEDTLS_ECP_LIGHT */ - /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, + /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't, * it is ok to leave the PK context initialized but not * freed: It is the caller's responsibility to call pk_init() * before calling this function, and to call pk_free() - * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C + * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C * isn't, this leads to mbedtls_pk_free() being called * twice, once here and once by the caller, but this is * also ok and in line with the mbedtls_pk_free() calls diff --git a/library/pkwrite.c b/library/pkwrite.c index 1f606a4481..3577fa1a0f 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -38,7 +38,10 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) +#include "pk_internal.h" +#endif +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT) #include "pkwrite.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -100,15 +103,24 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) -/* - * EC public key is an EC point - */ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec) + const mbedtls_pk_context *pk) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + len = pk->pub_raw_len; + + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + memcpy(*p - len, pk->pub_raw, len); + *p -= len; +#else unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, @@ -122,6 +134,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, *p -= len; memcpy(*p, buf, len); +#endif return (int) len; } @@ -183,7 +196,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #endif #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec_rw(*key))); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); } else #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -324,7 +337,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu #if defined(MBEDTLS_ECP_LIGHT) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) /* - * RFC8410 + * RFC8410 section 7 * * OneAsymmetricKey ::= SEQUENCE { * version Version, @@ -335,7 +348,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]], * ... * } - * + * ... * CurvePrivateKey ::= OCTET STRING */ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, @@ -491,7 +504,7 @@ end_of_export: */ /* publicKey */ - MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec)); + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, key)); if (c - buf < 1) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -527,7 +540,7 @@ end_of_export: MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); } else -#endif /* MBEDTLS_ECP_C */ +#endif /* MBEDTLS_ECP_LIGHT */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return (int) len; diff --git a/library/pkwrite.h b/library/pkwrite.h index 537bd0f8c8..8db2333738 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -73,7 +73,7 @@ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) /* * EC public keys: * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 @@ -98,34 +98,10 @@ */ #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) -#else /* MBEDTLS_ECP_C */ +#else /* MBEDTLS_ECP_LIGHT */ #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_ECP_LIGHT) -#include "mbedtls/ecp.h" - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -#define MBEDTLS_PK_HAVE_RFC8410_CURVES - -static inline int mbedtls_pk_is_rfc8410_curve(mbedtls_ecp_group_id id) -{ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE25519) { - return 1; - } -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE448) { - return 1; - } -#endif - return 0; -} -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_LIGHT */ - #endif /* MBEDTLS_PK_WRITE_H */ From a1b8af686916e14cf0b6b4757f808e7e870ce927 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:34:57 +0200 Subject: [PATCH 260/483] pkwrap: update ECDSA verify and EC pair check to use the new public key Signed-off-by: Valerio Setti --- library/pk_wrap.c | 68 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 52 insertions(+), 16 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0e5e12049a..32d697ac03 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -23,6 +23,7 @@ #if defined(MBEDTLS_PK_C) #include "pk_wrap.h" +#include "pk_internal.h" #include "mbedtls/error.h" /* Even if RSA not activated, for the sake of RSA-alt */ @@ -653,8 +654,12 @@ static int eckey_can_do(mbedtls_pk_type_t type) static size_t eckey_get_bitlen(mbedtls_pk_context *pk) { +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + return pk->ec_bits; +#else mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx; return ecp->grp.pbits; +#endif } #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) @@ -724,11 +729,20 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len) { - mbedtls_ecp_keypair *ctx = pk->pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; + unsigned char *p; + psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; + size_t signature_len; + ((void) md_alg); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + unsigned char buf[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; + psa_ecc_family_t curve = pk->ec_family; + size_t curve_bits = pk->ec_bits; +#else + mbedtls_ecp_keypair *ctx = pk->pk_ctx; size_t key_len; /* This buffer will initially contain the public key and then the signature * but at different points in time. For all curves except secp224k1, which @@ -736,13 +750,10 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, * (header byte + 2 numbers, while the signature is only 2 numbers), * so use that as the buffer size. */ unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - unsigned char *p; - psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); - const size_t signature_part_size = (ctx->grp.nbits + 7) / 8; - ((void) md_alg); +#endif if (curve == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -752,6 +763,11 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, psa_sig_md); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_import_key(&attributes, + pk->pub_raw, pk->pub_raw_len, + &key_id); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &key_len, buf, sizeof(buf)); @@ -762,27 +778,30 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, status = psa_import_key(&attributes, buf, key_len, &key_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } - /* We don't need the exported key anymore and can - * reuse its buffer for signature extraction. */ - if (2 * signature_part_size > sizeof(buf)) { + signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits); + if (signature_len > sizeof(buf)) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } p = (unsigned char *) sig; + /* extract_ecdsa_sig's last parameter is the size + * of each integer to be parse, so it's actually half + * the size of the signature. */ if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf, - signature_part_size)) != 0) { + signature_len/2)) != 0) { goto cleanup; } status = psa_verify_hash(key_id, psa_sig_md, hash, hash_len, - buf, 2 * signature_part_size); + buf, signature_len); if (status != PSA_SUCCESS) { ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); goto cleanup; @@ -1112,26 +1131,30 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv { psa_status_t status, destruction_status; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_ecp_keypair *prv_ctx = prv->pk_ctx; - mbedtls_ecp_keypair *pub_ctx = pub->pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this * buffer because it will be used to hold the private key at first and * then its public part (but not at the same time). */ uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t prv_key_len; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + const psa_ecc_family_t curve = prv->ec_family; + const size_t curve_bits = PSA_BITS_TO_BYTES(prv->ec_bits); +#else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t pub_key_len; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; size_t curve_bits; const psa_ecc_family_t curve = - mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits); + mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits); const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - ret = mbedtls_mpi_write_binary(&prv_ctx->d, prv_key_buf, curve_bytes); + ret = mbedtls_mpi_write_binary(&mbedtls_pk_ec_ro(*prv)->d, + prv_key_buf, curve_bytes); if (ret != 0) { return ret; } @@ -1154,7 +1177,13 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv return PSA_PK_TO_MBEDTLS_ERR(destruction_status); } - ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q, +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } +#else + ret = mbedtls_ecp_point_write_binary(&mbedtls_pk_ec_rw(*pub)->grp, + &mbedtls_pk_ec_rw(*pub)->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &pub_key_len, pub_key_buf, sizeof(pub_key_buf)); @@ -1165,6 +1194,7 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv if (memcmp(prv_key_buf, pub_key_buf, curve_bytes) != 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } @@ -1206,10 +1236,16 @@ static void eckey_free_wrap(void *ctx) static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items) { +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + items->type = MBEDTLS_PK_DEBUG_PSA_EC; + items->name = "eckey.Q"; + items->value = pk; +#else mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx; items->type = MBEDTLS_PK_DEBUG_ECP; items->name = "eckey.Q"; items->value = &(ecp->Q); +#endif } const mbedtls_pk_info_t mbedtls_eckey_info = { From 7ca7b90bc7cf917b0d7b662be1d3fa568a1cb2b3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:35:46 +0200 Subject: [PATCH 261/483] debug: add support for printing the new EC raw format Signed-off-by: Valerio Setti --- library/debug.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/library/debug.c b/library/debug.c index 3969616f4f..1868cb7424 100644 --- a/library/debug.c +++ b/library/debug.c @@ -194,6 +194,52 @@ void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) +{ + char str[DEBUG_BUF_SIZE]; + mbedtls_mpi mpi; + const uint8_t *mpi_start; + size_t mpi_len; + int ret; + + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { + return; + } + + /* For the description of pk->pk_raw content please refer to the description + * psa_export_public_key() function. */ + mpi_len = (pk->pub_raw_len - 1)/2; + + /* X coordinate */ + mbedtls_mpi_init(&mpi); + mpi_start = pk->pub_raw + 1; + ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len); + if (ret != 0) { + return; + } + mbedtls_snprintf(str, sizeof(str), "%s(X)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi); + mbedtls_mpi_free(&mpi); + + /* Y coordinate */ + mbedtls_mpi_init(&mpi); + mpi_start = mpi_start + mpi_len; + ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len); + if (ret != 0) { + return; + } + mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi); + mbedtls_mpi_free(&mpi); +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + #if defined(MBEDTLS_BIGNUM_C) void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -277,6 +323,11 @@ static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, if (items[i].type == MBEDTLS_PK_DEBUG_ECP) { mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); } else +#endif +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) { + mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value); + } else #endif { debug_send_line(ssl, level, file, line, "should not happen\n"); } From d7ca39511f8e13af43b8f8ed970758447ad363f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:36:18 +0200 Subject: [PATCH 262/483] tls12: use the the raw format for the public key when USE_PSA is enabled Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0940bdb67c..070583b138 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2010,7 +2010,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) peer_key = mbedtls_pk_ec_ro(*peer_pk); #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t olen = 0; uint16_t tls_id = 0; psa_ecc_family_t ecc_family; @@ -2034,6 +2033,12 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family); /* Store peer's public key in psa format. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); + ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len; + ret = 0; +#else + size_t olen = 0; ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, ssl->handshake->ecdh_psa_peerkey, @@ -2043,8 +2048,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret); return ret; } - ssl->handshake->ecdh_psa_peerkey_len = olen; +#endif /* MBEDTLS_ECP_C */ #else if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, MBEDTLS_ECDH_THEIRS)) != 0) { From 92c3f368666de5e4b5fec84c48ac34c8f0da12a8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:36:44 +0200 Subject: [PATCH 263/483] test_suite_debug: fix USE_PSA_INIT/DONE guards in a test Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 1 + tests/suites/test_suite_debug.function | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 9b2cab8fbf..4a8e50c996 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -224,6 +224,7 @@ typedef enum { MBEDTLS_PK_DEBUG_NONE = 0, MBEDTLS_PK_DEBUG_MPI, MBEDTLS_PK_DEBUG_ECP, + MBEDTLS_PK_DEBUG_PSA_EC, } mbedtls_pk_debug_type; /** diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index da91f44546..b9610406bb 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -167,11 +167,11 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); - mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_x509_crt_init(&crt); + MD_OR_USE_PSA_INIT(); + memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; @@ -193,7 +193,7 @@ exit: mbedtls_x509_crt_free(&crt); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 483738ed6789d2c30b6ffa41dfe14d23229d1204 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:37:29 +0200 Subject: [PATCH 264/483] tests: fixes for using the new public key raw format Signed-off-by: Valerio Setti --- library/pk.c | 33 ++++++++++ library/pk_internal.h | 21 +++++++ tests/suites/test_suite_pk.function | 76 +++++++++++++++++------- tests/suites/test_suite_pkparse.function | 8 ++- 4 files changed, 115 insertions(+), 23 deletions(-) diff --git a/library/pk.c b/library/pk.c index 7a047df3fd..47c19b2086 100644 --- a/library/pk.c +++ b/library/pk.c @@ -196,6 +196,39 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, + mbedtls_ecp_keypair *ecp_keypair) +{ + int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + + if (pk == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + /* The raw public key storing mechanism is only supported for EC keys so + * we fail silently for other ones. */ + if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) && + (pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) && + (pk->pk_info->type != MBEDTLS_PK_ECDSA)) { + return 0; + } + + ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &pk->pub_raw_len, + pk->pub_raw, + MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); + if (ret != 0) { + return ret; + } + + pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id, + &pk->ec_bits); + + return 0; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_PUB_KEY */ + #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* * Initialize an RSA-alt context diff --git a/library/pk_internal.h b/library/pk_internal.h index 09f3d85249..dbb7bc1659 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -23,10 +23,16 @@ #ifndef MBEDTLS_PK_INTERNAL_H #define MBEDTLS_PK_INTERNAL_H +#include "mbedtls/pk.h" + #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "psa/crypto.h" +#endif + #if defined(MBEDTLS_ECP_LIGHT) /** * Public function mbedtls_pk_ec() can be used to get direct access to the @@ -85,4 +91,19 @@ static inline int mbedtls_pk_is_rfc8410_curve(mbedtls_ecp_group_id id) #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +/** + * \brief Copy the public key content in raw format from "ctx->pk_ctx" + * (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer. + * + * \note This is a temporary function that can be removed as soon as the pk + * module is free from ECP_C + * + * \param pk It is the pk_context which is going to be updated. It acts both + * as input and output. + */ +int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, + mbedtls_ecp_keypair *ecp_keypair); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f36c6be3c5..d397374951 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/pk.h" +#include "pk_internal.h" /* For error codes */ #include "mbedtls/asn1.h" @@ -24,16 +25,15 @@ #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_LIGHT) -static int pk_genkey_ec(mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { psa_status_t status; + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; size_t curve_bits; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, - &curve_bits); + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t key_len; int ret; @@ -53,26 +53,33 @@ static int pk_genkey_ec(mbedtls_ecp_group *grp, goto exit; } - ret = mbedtls_mpi_read_binary(d, key_buf, key_len); + ret = mbedtls_mpi_read_binary(&eck->d, key_buf, key_len); if (ret != 0) { goto exit; } - status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), - &key_len); + status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), + &pk->pub_raw_len); if (status != PSA_SUCCESS) { ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; goto exit; } - ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len); + pk->ec_family = curve; + pk->ec_bits = curve_bits; + + status = psa_destroy_key(key_id); + if (status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(status); + } + + return 0; exit: - psa_destroy_key(key_id); - - return ret; + status = psa_destroy_key(key_id); + return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); } -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /** Generate a key of the desired type. * @@ -102,22 +109,36 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; - if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, - parameter)) != 0) { + + ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter); + if (ret != 0) { return ret; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) - return pk_genkey_ec(&mbedtls_pk_ec_rw(*pk)->grp, - &mbedtls_pk_ec_rw(*pk)->d, - &mbedtls_pk_ec_rw(*pk)->Q); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_group grp; + /* Duplicating the mbedtls_ecp_group_load call to make this part + * more future future proof for when ECP_C will not be defined. */ + mbedtls_ecp_group_init(&grp); + ret = mbedtls_ecp_group_load(&grp, parameter); + if (ret != 0) { + return ret; + } + ret = pk_genkey_ec(pk, grp.id); + if (ret != 0) { + return ret; + } + mbedtls_ecp_group_free(&grp); + + return 0; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECP_C) return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, &mbedtls_pk_ec_rw(*pk)->d, &mbedtls_pk_ec_rw(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); #endif /* MBEDTLS_ECP_C */ + } #endif /* MBEDTLS_ECP_LIGHT */ return -1; @@ -702,7 +723,6 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, data_t *sig, int ret) { mbedtls_pk_context pk; - mbedtls_ecp_keypair *eckey; mbedtls_pk_init(&pk); USE_PSA_INIT(); @@ -710,11 +730,23 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); - eckey = mbedtls_pk_ec_rw(pk); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_keypair ecp; + mbedtls_ecp_keypair_init(&ecp); + + TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0); + TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q, + key->x, key->len) == 0); + TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0); + + mbedtls_ecp_keypair_free(&ecp); +#else + mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0); TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q, key->x, key->len) == 0); +#endif // MBEDTLS_MD_NONE is used since it will be ignored. TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE, diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index e0e33000da..a49b6d3195 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -84,10 +84,16 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) TEST_ASSERT(res == result); if (res == 0) { - const mbedtls_ecp_keypair *eckey; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + /* No need to check whether the parsed public point is on the curve or + * not because this is already done by the internal "pk_get_ecpubkey()" + * function */ +#else + const mbedtls_ecp_keypair *eckey; eckey = mbedtls_pk_ec_ro(ctx); TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0); +#endif } exit: From fa3f74145b21d9d9c827a016bcc5b6d355a0afd1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 17 May 2023 17:35:47 +0200 Subject: [PATCH 265/483] Add documentation Signed-off-by: Gabor Mezei --- library/ecp_invasive.h | 47 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index cfa12e9be7..16b7b61418 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -171,9 +171,20 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -/* - * Fast quasi-reduction modulo p192k1 = 2^192 - R, - * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 +/** Fast quasi-reduction modulo p192k1 = 2^192 - R, + * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9 + * + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 384-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (192 bits). + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); @@ -182,6 +193,21 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +/** Fast quasi-reduction modulo p224k1 = 2^224 - R, + * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 + * + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 448-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (224 bits). + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. + */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); @@ -189,6 +215,21 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +/** Fast quasi-reduction modulo p256k1 = 2^256 - R, + * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 + * + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 512-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (256 bits). + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. + */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); From 1a75269589613e1c687050e7cf2c628268083a4b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 1 Apr 2023 09:44:11 -0400 Subject: [PATCH 266/483] Move mbedtls_x509_san_list to x509.h Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 7 +++++++ include/mbedtls/x509_csr.h | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7faf176b5a..8582e76b8d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -312,6 +312,12 @@ typedef struct mbedtls_x509_subject_alternative_name { } mbedtls_x509_subject_alternative_name; +typedef struct mbedtls_x509_san_list { + mbedtls_x509_subject_alternative_name node; + struct mbedtls_x509_san_list *next; +} +mbedtls_x509_san_list; + /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ /** @@ -467,6 +473,7 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t val_len); int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); + int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f3f9e13a03..e469df26c8 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -83,12 +83,6 @@ typedef struct mbedtls_x509write_csr { } mbedtls_x509write_csr; -typedef struct mbedtls_x509_san_list { - mbedtls_x509_subject_alternative_name node; - struct mbedtls_x509_san_list *next; -} -mbedtls_x509_san_list; - #if defined(MBEDTLS_X509_CSR_PARSE_C) /** * \brief Load a Certificate Signing Request (CSR) in DER format From ccdd9752865b4ca24e788f74e38fa423040df468 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 1 Apr 2023 10:38:30 -0400 Subject: [PATCH 267/483] Add a certificate exercising all supported SAN types This will be used for comparison in unit tests. Add a possibility to write certificates with SAN in cert_write. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 102 +++++++++++++++++- tests/data_files/Makefile | 2 + .../data_files/server1.allSubjectAltNames.crt | 23 ++++ 3 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/server1.allSubjectAltNames.crt diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 51b09f3d65..ac6187a198 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -79,6 +79,7 @@ int main(void) #define DFL_NOT_AFTER "20301231235959" #define DFL_SERIAL "1" #define DFL_SERIAL_HEX "1" +#define DFL_EXT_SUBJECTALTNAME "" #define DFL_SELFSIGN 0 #define DFL_IS_CA 0 #define DFL_MAX_PATHLEN -1 @@ -134,6 +135,13 @@ int main(void) " subject_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ + " san=%%s default: (none)\n" \ + " Comma-separated-list of values:\n" \ + " DNS:value\n" \ + " URI:value\n" \ + " RFC822:value\n" \ + " IP:value (Only IPv4 is supported)\n" \ + " DN:value\n" \ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ @@ -188,6 +196,7 @@ struct options { const char *issuer_pwd; /* password for the issuer key file */ const char *output_file; /* where to store the constructed CRT */ const char *subject_name; /* subject name for certificate */ + mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */ const char *issuer_name; /* issuer name for certificate */ const char *not_before; /* validity period not before */ const char *not_after; /* validity period not after */ @@ -207,6 +216,19 @@ struct options { int format; /* format */ } opt; +static int ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) +{ + for (int i = 0; i < maxBytes; i++) { + bytes[i] = strtoul(str, NULL, 16); + str = strchr(str, '.'); + if (str == NULL || *str == '\0') { + break; + } + str++; + } + return 0; +} + int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) @@ -301,7 +323,7 @@ int main(int argc, char *argv[]) char buf[1024]; char issuer_name[256]; int i; - char *p, *q, *r; + char *p, *q, *r, *r2; #if defined(MBEDTLS_X509_CSR_PARSE_C) char subject_name[256]; mbedtls_x509_csr csr; @@ -314,7 +336,8 @@ int main(int argc, char *argv[]) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; - + mbedtls_x509_san_list *cur, *prev; + uint8_t ip[4] = { 0 }; /* * Set to sane values */ @@ -370,6 +393,7 @@ usage: opt.authority_identifier = DFL_AUTH_IDENT; opt.basic_constraints = DFL_CONSTRAINTS; opt.format = DFL_FORMAT; + opt.san_list = NULL; for (i = 1; i < argc; i++) { @@ -526,6 +550,69 @@ usage: *tail = ext_key_usage; tail = &ext_key_usage->next; + q = r; + } + } else if (strcmp(p, "san") == 0) { + prev = NULL; + + while (q != NULL) { + if ((r = strchr(q, ';')) != NULL) { + *r++ = '\0'; + } + + cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); + if (cur == NULL) { + mbedtls_printf("Not enough memory for subjectAltName list\n"); + goto usage; + } + + cur->next = NULL; + + if ((r2 = strchr(q, ':')) != NULL) { + *r2++ = '\0'; + } + if (strcmp(q, "RFC822") == 0) { + cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; + } else if (strcmp(q, "URI") == 0) { + cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; + } else if (strcmp(q, "DNS") == 0) { + cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; + } else if (strcmp(q, "IP") == 0) { + cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; + ip_string_to_bytes(r2, ip, 4); + cur->node.san.unstructured_name.p = (unsigned char *) ip; + cur->node.san.unstructured_name.len = sizeof(ip); + } else if (strcmp(q, "DN") == 0) { + mbedtls_asn1_named_data *ext_san_dirname = NULL; + cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + r2)) != 0) { + mbedtls_strerror(ret, buf, sizeof(buf)); + mbedtls_printf( + " failed\n ! mbedtls_x509_string_to_names " + "returned -0x%04x - %s\n\n", + (unsigned int) -ret, buf); + goto exit; + } + cur->node.san.directory_name = *ext_san_dirname; + } else { + mbedtls_free(cur); + goto usage; + } + + if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { + q = r2; + cur->node.san.unstructured_name.p = (unsigned char *) q; + cur->node.san.unstructured_name.len = strlen(q); + } + + if (prev == NULL) { + opt.san_list = cur; + } else { + prev->next = cur; + } + + prev = cur; q = r; } } else if (strcmp(p, "ns_cert_type") == 0) { @@ -833,6 +920,17 @@ usage: mbedtls_printf(" ok\n"); } + if (opt.san_list != NULL) { + ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list); + + if (ret != 0) { + mbedtls_printf( + " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", + ret); + goto exit; + } + } + if (opt.ext_key_usage) { mbedtls_printf(" . Adding the Extended Key Usage extension ..."); fflush(stdout); diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2bc17fb24b..fd68336e1d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1198,6 +1198,8 @@ test_ca_server1_config_file = test-ca.server1.opensslconf server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ diff --git a/tests/data_files/server1.allSubjectAltNames.crt b/tests/data_files/server1.allSubjectAltNames.crt new file mode 100644 index 0000000000..13af873107 --- /dev/null +++ b/tests/data_files/server1.allSubjectAltNames.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o4HaMIHXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MIGJBgNVHREEgYEwf4EQ +bWFpbEBleGFtcGxlLmNvbYILZXhhbXBsZS5jb22kQDA+MQswCQYDVQQGEwJVSzER +MA8GA1UECgwITWJlZCBUTFMxHDAaBgNVBAMME1N1YmplY3RBbHROYW1lIHRlc3SH +BAECAwSGFmh0dHA6Ly9wa2kuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB +AGPFB8YGpe6PRniPkYVlpCf5WwleYCpcP4AEvFHj5dD1UcBcqKjppJRGssg+S0fP +nNwYRjaVjKuhWSGIMrk0nZqsiexnkCma0S8kdFvHtCfbR9c9pQSn44olVMbHx/t8 +dzv7Z48HqsqvG0hn3AwDlZ+KrnTZFzzpWzfLkbPdZko/oHoFmqEekEuyOK9vO3fj +eNm5SzYtqOigw8TxkTb1+Qi9Cj66VEwVESW1y/TL9073Kx0lBoY8wj1Pvfdhplrg +IwYIwrr0HM+7nlYEhEI++NAbZhjQoS2kF5i7xpomUkYH9ePbrwWYBcuN00pljXEm +ioY0KKlx00fRehPH/6TBHZI= +-----END CERTIFICATE----- From 67fdb3307dd96f210675f014f2bce29065b3f4ee Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 06:56:14 -0400 Subject: [PATCH 268/483] Add a possibility to write subject alt names in a certificate Signed-off-by: Andrzej Kurek --- include/mbedtls/x509_crt.h | 3 + library/x509write_crt.c | 123 +++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..57e3cce1ac 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -241,6 +241,9 @@ typedef struct mbedtls_x509write_cert { } mbedtls_x509write_cert; +int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, + const mbedtls_x509_san_list *san_list); + /** * Item in a verification chain: cert and flags for it */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 70d7e93db2..bcc9cb007d 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -31,6 +31,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/md.h" @@ -152,6 +153,128 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, return 0; } + +int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, + const mbedtls_x509_san_list *san_list) +{ + int ret = 0; + const mbedtls_x509_san_list *cur; + unsigned char *buf; + unsigned char *p; + size_t len; + size_t buflen = 0; + + /* Determine the maximum size of the SubjectAltName list */ + for (cur = san_list; cur != NULL; cur = cur->next) { + /* Calculate size of the required buffer */ + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + /* length of value for each name entry, + * maximum 4 bytes for the length field, + * 1 byte for the tag/type. + */ + buflen += cur->node.san.unstructured_name.len + 4 + 1; + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; + while (chunk != NULL) { + // 5 bytes for OID, max 4 bytes for length, +1 for tag, + // additional 4 max for length, +1 for tag. + // See x509_write_name for more information. + buflen += chunk->val.len + 5 + 4 + 1 + 4 + 1; + chunk = chunk->next; + } + buflen += cur->node.san.unstructured_name.len + 4 + 1; + break; + default: + /* Not supported - skip. */ + break; + } + } + + /* Add the extra length field and tag */ + buflen += 4 + 1; + + /* Allocate buffer */ + buf = mbedtls_calloc(1, buflen); + if (buf == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + + mbedtls_platform_zeroize(buf, buflen); + p = buf + buflen; + + /* Write ASN.1-based structure */ + cur = san_list; + len = 0; + while (cur != NULL) { + size_t single_san_len = 0; + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_RFC822_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + { + const unsigned char *unstructured_name = + (const unsigned char *) cur->node.san.unstructured_name.p; + size_t unstructured_name_len = cur->node.san.unstructured_name.len; + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_raw_buffer( + &p, buf, + unstructured_name, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( + &p, buf, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag( + &p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); + } + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_x509_write_names(&p, buf, + (mbedtls_asn1_named_data *) & + cur->node + .san.directory_name)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_len(&p, buf, single_san_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_X509_SAN_DIRECTORY_NAME)); + break; + default: + /* Skip unsupported names. */ + break; + } + cur = cur->next; + len += single_san_len; + } + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + ret = mbedtls_x509write_crt_set_extension( + ctx, + MBEDTLS_OID_SUBJECT_ALT_NAME, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), + 0, + buf + buflen - len, + len); + +cleanup: + mbedtls_free(buf); + return ret; +} + + int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, From d56e6e008bb5979c68d8710b5a992b664dc9212c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 17 May 2023 17:51:19 +0200 Subject: [PATCH 269/483] Add input parameter length check for the Koblitz reduction Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 13 +++++++++++++ library/ecp_invasive.h | 6 ++++++ 2 files changed, 19 insertions(+) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 149697087e..6573f8954d 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5643,6 +5643,10 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; + if (X_limbs != 2 * ((192 + biL - 1) / biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return ecp_mod_koblitz(X, X_limbs, Rp, 192); } @@ -5673,6 +5677,10 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) 0x01, 0x00, 0x00, 0x00) }; + if (X_limbs != 2 * 224 / biL) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return ecp_mod_koblitz(X, X_limbs, Rp, 224); } @@ -5702,6 +5710,11 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs) MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; + + if (X_limbs != 2 * ((256 + biL - 1) / biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return ecp_mod_koblitz(X, X_limbs, Rp, 256); } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 16b7b61418..aadcdbc78e 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -184,6 +184,8 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs); * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have + * twice as many limbs as the modulus. * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. */ MBEDTLS_STATIC_TESTABLE @@ -206,6 +208,8 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have + * twice as many limbs as the modulus. * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. */ MBEDTLS_STATIC_TESTABLE @@ -228,6 +232,8 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have + * twice as many limbs as the modulus. * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. */ MBEDTLS_STATIC_TESTABLE From c1541cb3c72b0037566c3aabbf745122ff5374cc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 May 2023 15:49:55 +0200 Subject: [PATCH 270/483] pk: minor fixes (guards and a wrong assignment) Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 5 +++-- library/debug.c | 2 +- library/pk.c | 2 +- library/pk_wrap.c | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 4a8e50c996..f2cf9fed25 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -213,7 +213,8 @@ typedef struct mbedtls_pk_rsassa_pss_options { * format and use PSA functions * - if !ECP_C then use new raw data and PSA functions directly. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ + defined(MBEDTLS_ECP_LIGHT) #define MBEDTLS_PK_USE_PSA_EC_DATA #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ @@ -290,7 +291,7 @@ typedef struct mbedtls_pk_context { size_t MBEDTLS_PRIVATE(pub_raw_len); /**< Valid bytes in "pub_raw" */ psa_ecc_family_t MBEDTLS_PRIVATE(ec_family); /**< EC family of pk */ size_t MBEDTLS_PRIVATE(ec_bits); /**< Curve's bits of pk */ -#endif /* MBEDTLS_PK_USE_PSA_EC_PUB_KEY */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/library/debug.c b/library/debug.c index 1868cb7424..8236452757 100644 --- a/library/debug.c +++ b/library/debug.c @@ -194,6 +194,7 @@ void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_BIGNUM_C) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, const char *file, int line, @@ -240,7 +241,6 @@ void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_BIGNUM_C) void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_mpi *X) diff --git a/library/pk.c b/library/pk.c index 47c19b2086..826c29a8cb 100644 --- a/library/pk.c +++ b/library/pk.c @@ -227,7 +227,7 @@ int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, return 0; } -#endif /* MBEDTLS_PK_USE_PSA_EC_PUB_KEY */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 32d697ac03..376af2509a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1140,15 +1140,15 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) const psa_ecc_family_t curve = prv->ec_family; - const size_t curve_bits = PSA_BITS_TO_BYTES(prv->ec_bits); + const size_t curve_bits = prv->ec_bits; #else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t pub_key_len; size_t curve_bits; const psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits); - const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); From 76c9662e8eefdc9768cfa34e9d43e2b26d36ba9b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 06:57:08 -0400 Subject: [PATCH 271/483] Add a test for SubjectAltName writing to a certificate Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 56 ++++++++++++---------- tests/suites/test_suite_x509write.function | 47 +++++++++++++++++- 2 files changed, 76 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e2198dc6bd..bf6fe69831 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -60,107 +60,111 @@ x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU Certificate write check Server1 SHA1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not after 2050 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970, not after 2050 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 2050, not after 2059 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, one ext_key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, two ext_key_usages depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Serial starting with 0x80 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, All 0xFF full length serial depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server5 ECDSA depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt" +x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt" +x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 + +Certificate write check Server5 ECDSA, SubjectAltNames +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b08555c9b8..6f9b8db5b9 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -326,7 +326,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, char *ext_key_usage, int cert_type, int set_cert_type, int auth_ident, int ver, char *cert_check_file, int pk_wrap, int is_ca, - char *cert_verify_file) + char *cert_verify_file, int set_subjectAltNames) { mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; mbedtls_pk_context *key = &issuer_key; @@ -348,6 +348,48 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif mbedtls_pk_type_t issuer_key_type; + mbedtls_x509_san_list san_ip; + mbedtls_x509_san_list san_dns; + mbedtls_x509_san_list san_uri; + mbedtls_x509_san_list san_mail; + mbedtls_x509_san_list san_dn; + mbedtls_asn1_named_data *ext_san_dirname = NULL; + const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 }; + const char *san_dns_name = "example.com"; + const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test"; + const char *san_mail_name = "mail@example.com"; + const char *san_uri_name = "http://pki.example.com"; + mbedtls_x509_san_list *san_list = NULL; + + if (set_subjectAltNames) { + san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; + san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; + san_mail.node.san.unstructured_name.len = sizeof(san_mail_name); + san_mail.next = NULL; + + san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; + san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; + san_dns.node.san.unstructured_name.len = strlen(san_dns_name); + san_dns.next = &san_mail; + + san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, + san_dn_name) == 0); + san_dn.node.san.directory_name = *ext_san_dirname; + san_dn.next = &san_dns; + + san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; + san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; + san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); + san_ip.next = &san_dn; + + san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; + san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; + san_uri.node.san.unstructured_name.len = strlen(san_uri_name); + san_uri.next = &san_ip; + + san_list = &san_uri; + } memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) @@ -465,6 +507,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, } } + if (set_subjectAltNames) { + TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); + } ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info); TEST_ASSERT(ret == 0); From 1bc7df2540d37459a30ea652af3d7a15e2bbf083 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 07:09:04 -0400 Subject: [PATCH 272/483] Add documentation and a changelog entry Signed-off-by: Andrzej Kurek --- ChangeLog.d/add-subjectAltName-certs.txt | 6 ++++++ include/mbedtls/x509.h | 1 - include/mbedtls/x509_crt.h | 12 ++++++++++++ library/x509write_crt.c | 1 - programs/x509/cert_write.c | 2 +- 5 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/add-subjectAltName-certs.txt diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt new file mode 100644 index 0000000000..487e5c656e --- /dev/null +++ b/ChangeLog.d/add-subjectAltName-certs.txt @@ -0,0 +1,6 @@ +Features + * It is now possible to generate certificates with SubjectAltNames. + Currently supported subtypes: DnsName, UniformResourceIdentifier, + IP address, OtherName, and DirectoryName, as defined in RFC 5280. + See mbedtls_x509write_crt_set_subject_alternative_name for + more information. diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 8582e76b8d..ef4d75da2d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -473,7 +473,6 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t val_len); int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); - int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 57e3cce1ac..537408e79e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -241,6 +241,18 @@ typedef struct mbedtls_x509write_cert { } mbedtls_x509write_cert; +/** + * \brief Set Subject Alternative Name + * + * \param ctx Certificate context to use + * \param san_list List of SAN values + * + * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * + * \note "dnsName", "uniformResourceIdentifier", "IP address", + * "otherName", and "DirectoryName", as defined in RFC 5280, + * are supported. + */ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index bcc9cb007d..04ce9845d8 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -153,7 +153,6 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, return 0; } - int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ac6187a198..477b47bf18 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -925,7 +925,7 @@ usage: if (ret != 0) { mbedtls_printf( - " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", + " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d", ret); goto exit; } From c6215b0ce1ad833cc2e2441c5c6275a5d5b0fb0a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 09:30:12 -0400 Subject: [PATCH 273/483] Add braces to a switch case Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 04ce9845d8..63f490d6df 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -177,6 +177,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c buflen += cur->node.san.unstructured_name.len + 4 + 1; break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: + { const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; while (chunk != NULL) { // 5 bytes for OID, max 4 bytes for length, +1 for tag, @@ -187,6 +188,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c } buflen += cur->node.san.unstructured_name.len + 4 + 1; break; + } default: /* Not supported - skip. */ break; From 13c43f682eeec3a698ce8b1d7ae7681a5cd29083 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 10:43:38 -0400 Subject: [PATCH 274/483] Fix a copy-paste typo Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 6f9b8db5b9..8407a654fa 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -364,7 +364,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (set_subjectAltNames) { san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = sizeof(san_mail_name); + san_mail.node.san.unstructured_name.len = strlen(san_mail_name); san_mail.next = NULL; san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; From 5da1d751e97723e1ae464843d4cb938c78f2f828 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 08:30:59 -0400 Subject: [PATCH 275/483] Add missing memory deallocation Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 3 ++- tests/suites/test_suite_x509write.function | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 477b47bf18..07a59b83a8 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -337,6 +337,7 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; + mbedtls_asn1_named_data *ext_san_dirname = NULL; uint8_t ip[4] = { 0 }; /* * Set to sane values @@ -583,7 +584,6 @@ usage: cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { - mbedtls_asn1_named_data *ext_san_dirname = NULL; cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, r2)) != 0) { @@ -986,6 +986,7 @@ exit: #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509_crt_free(&issuer_crt); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 8407a654fa..d93c1716db 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -618,6 +618,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&issuer_key_alt); mbedtls_pk_free(&subject_key); From a194904055fc2046ab224a9700307ee92b81404c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 09:59:02 -0400 Subject: [PATCH 276/483] Fix subjectAltName test prerequisites Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index bf6fe69831..05a6c2c2cd 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -162,8 +162,8 @@ Certificate write check Server5 ECDSA, Opaque depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 -Certificate write check Server5 ECDSA, SubjectAltNames -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +Certificate write check Server1 SHA1, SubjectAltNames +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 From ed557930bbeb5c7d18bb0b801d619f75c22d818f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 11:19:30 -0400 Subject: [PATCH 277/483] Update ip_string_to_bytes to cert_req version Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 07a59b83a8..c8412fb0f8 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -216,17 +216,16 @@ struct options { int format; /* format */ } opt; -static int ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) +static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 16); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; } str++; } - return 0; } int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, From f70f460e5f8d0423bccfa4eddf4941e30a0f5940 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 24 Apr 2023 18:39:53 -0400 Subject: [PATCH 278/483] Fix temporary IP parsing error Signed-off-by: Andrzej Kurek --- programs/x509/cert_req.c | 4 ++-- programs/x509/cert_write.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1772f87d9b..fe060f3d92 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -66,7 +66,7 @@ int main(void) " output_file=%%s default: cert.req\n" \ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ " san=%%s default: (none)\n" \ - " Comma-separated-list of values:\n" \ + " Semicolon-separated-list of values:\n" \ " DNS:value\n" \ " URI:value\n" \ " IP:value (Only IPv4 is supported)\n" \ @@ -119,7 +119,7 @@ struct options { static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 10); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index c8412fb0f8..717cd396a7 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -136,12 +136,12 @@ int main(void) " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ " san=%%s default: (none)\n" \ - " Comma-separated-list of values:\n" \ + " Semicolon-separated-list of values:\n" \ " DNS:value\n" \ " URI:value\n" \ " RFC822:value\n" \ " IP:value (Only IPv4 is supported)\n" \ - " DN:value\n" \ + " DN:list of comma separated key=value pairs\n"\ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ @@ -219,7 +219,7 @@ struct options { static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 10); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; From 446e53d401af619272a8ea2015e0e044bcc36318 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 02:21:07 -0400 Subject: [PATCH 279/483] Fix a code style issue Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 717cd396a7..554db3191e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -141,7 +141,7 @@ int main(void) " URI:value\n" \ " RFC822:value\n" \ " IP:value (Only IPv4 is supported)\n" \ - " DN:list of comma separated key=value pairs\n"\ + " DN:list of comma separated key=value pairs\n" \ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ From dc22090671acdc815597831b5e69eea97fe49e1c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 02:29:00 -0400 Subject: [PATCH 280/483] Return an error on an unsupported SubjectAltName Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 63f490d6df..aa4b9074c0 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -190,8 +190,8 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c break; } default: - /* Not supported - skip. */ - break; + /* Not supported - return. */ + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } } @@ -249,8 +249,9 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c MBEDTLS_X509_SAN_DIRECTORY_NAME)); break; default: - /* Skip unsupported names. */ - break; + /* Error out on an unsupported SAN */ + ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + goto cleanup; } cur = cur->next; len += single_san_len; From e488c454ea7c4b10c926f35b8c04b4f9a4a66a49 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 04:23:33 -0400 Subject: [PATCH 281/483] Remove unnecessary zeroization Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index aa4b9074c0..6b23a94a9a 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -203,8 +203,6 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c if (buf == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; } - - mbedtls_platform_zeroize(buf, buflen); p = buf + buflen; /* Write ASN.1-based structure */ From 908716f09712c68c2e9271fa8d4149a2947011f2 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 04:31:26 -0400 Subject: [PATCH 282/483] Add missing RFC822_NAME case to SAN setting Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6b23a94a9a..e3b8f605ea 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -170,6 +170,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_IP_ADDRESS: + case MBEDTLS_X509_SAN_RFC822_NAME: /* length of value for each name entry, * maximum 4 bytes for the length field, * 1 byte for the tag/type. From 5eebfb8fd06b7e01421ca3eb6869744dcdc0aed5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Apr 2023 07:50:56 -0400 Subject: [PATCH 283/483] Enable escaping ';' in cert_write.c SANs This might get used in URIs. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 40 +++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 554db3191e..6d318e5f7e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -322,7 +322,7 @@ int main(int argc, char *argv[]) char buf[1024]; char issuer_name[256]; int i; - char *p, *q, *r, *r2; + char *p, *q, *r; #if defined(MBEDTLS_X509_CSR_PARSE_C) char subject_name[256]; mbedtls_x509_csr csr; @@ -553,11 +553,34 @@ usage: q = r; } } else if (strcmp(p, "san") == 0) { + char *subtype_value; prev = NULL; while (q != NULL) { - if ((r = strchr(q, ';')) != NULL) { + char *semicolon; + r = q; + + /* Find the first non-escaped ; occurrence and remove escaped ones */ + do { + if ((semicolon = strchr(r, ';')) != NULL) { + if (*(semicolon-1) != '\\') { + r = semicolon; + break; + } + /* Remove the escape character */ + size_t size_left = strlen(semicolon); + memmove(semicolon-1, semicolon, size_left); + *(semicolon + size_left - 1) = '\0'; + /* r will now point at the character after the semicolon */ + r = semicolon; + } + + } while (semicolon != NULL); + + if (semicolon != NULL) { *r++ = '\0'; + } else { + r = NULL; } cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); @@ -568,8 +591,8 @@ usage: cur->next = NULL; - if ((r2 = strchr(q, ':')) != NULL) { - *r2++ = '\0'; + if ((subtype_value = strchr(q, ':')) != NULL) { + *subtype_value++ = '\0'; } if (strcmp(q, "RFC822") == 0) { cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; @@ -579,13 +602,13 @@ usage: cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_string_to_bytes(r2, ip, 4); + ip_string_to_bytes(subtype_value, ip, 4); cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, - r2)) != 0) { + subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( " failed\n ! mbedtls_x509_string_to_names " @@ -600,9 +623,8 @@ usage: } if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { - q = r2; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); + cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; + cur->node.san.unstructured_name.len = strlen(subtype_value); } if (prev == NULL) { From 63a6a267a4ab95d727a1b07eb5c7ce67384dbffa Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Apr 2023 08:25:41 -0400 Subject: [PATCH 284/483] Check for overflows when writing x509 SANs Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e3b8f605ea..f57841c4fd 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -36,6 +36,7 @@ #include "mbedtls/md.h" #include +#include #if defined(MBEDTLS_PEM_WRITE_C) #include "mbedtls/pem.h" @@ -48,6 +49,16 @@ #include "hash_info.h" +#define CHECK_OVERFLOW_ADD(a, b) \ + do \ + { \ + if (a > SIZE_MAX - (b)) \ + { \ + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ + } \ + a += b; \ + } while (0) + void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { memset(ctx, 0, sizeof(mbedtls_x509write_cert)); @@ -175,7 +186,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c * maximum 4 bytes for the length field, * 1 byte for the tag/type. */ - buflen += cur->node.san.unstructured_name.len + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: { @@ -184,10 +195,10 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c // 5 bytes for OID, max 4 bytes for length, +1 for tag, // additional 4 max for length, +1 for tag. // See x509_write_name for more information. - buflen += chunk->val.len + 5 + 4 + 1 + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, chunk->val.len + 5 + 4 + 1 + 4 + 1); chunk = chunk->next; } - buflen += cur->node.san.unstructured_name.len + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); break; } default: @@ -197,7 +208,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c } /* Add the extra length field and tag */ - buflen += 4 + 1; + CHECK_OVERFLOW_ADD(buflen, 4 + 1); /* Allocate buffer */ buf = mbedtls_calloc(1, buflen); @@ -253,6 +264,11 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c goto cleanup; } cur = cur->next; + /* check for overflow */ + if (len > SIZE_MAX - single_san_len) { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; + } len += single_san_len; } From c1f5e54d2df0432add739dc79238303781d8f70d Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 18 May 2023 02:02:48 +0000 Subject: [PATCH 285/483] Remove useless parameter iret for ecp mul_inv cases Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 102 +++++++++++++-------------- tests/suites/test_suite_ecp.function | 4 +- 2 files changed, 52 insertions(+), 54 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 30ecc6593b..5e5f0724ce 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1031,206 +1031,206 @@ ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_N # mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements. ecp_mul_inv #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_mul_inv:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_mul_inv:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_mul_inv:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR # Public values of secp224K1 have 225 bits, if we randomly generate only 224 bits, we should add the leading '0' # to make the limbs match with each other and make the function mbedtls_mpi_mod_residue_setup() happy. ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #40.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #41.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index bc2cd750ec..02afecd2f5 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1552,7 +1552,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ -void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) +void ecp_mod_mul_inv(char *input_A, int id, int ctype) { size_t limbs; mbedtls_mpi_mod_modulus m; @@ -1565,8 +1565,6 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype, int iret) mbedtls_mpi_uint *bufx = NULL; const mbedtls_mpi_uint one[2] = {1, 0}; - ((void) iret); - mbedtls_mpi_mod_modulus_init(&m); TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); From c8f677d33efe37bada41b155072c1f03ea14a470 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 18 May 2023 03:04:26 +0000 Subject: [PATCH 286/483] Both compare the least significant limb 1 and the left limbs 0 Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 02afecd2f5..e5dddc4023 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1563,7 +1563,7 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) mbedtls_mpi_uint *A_inverse = NULL; mbedtls_mpi_uint *A = NULL; mbedtls_mpi_uint *bufx = NULL; - const mbedtls_mpi_uint one[2] = {1, 0}; + const mbedtls_mpi_uint one[1] = { 1 }; mbedtls_mpi_mod_modulus_init(&m); @@ -1582,15 +1582,19 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); /* Get inverse of A mode m, and multiply it with itself, - * to see whether the result equal to '1' */ + * to see whether the result equal to '1' */ TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m)); TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0); ASSERT_ALLOC(bufx, limbs); TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx, - limbs * sizeof(mbedtls_mpi_uint), - MBEDTLS_MPI_MOD_EXT_REP_LE), 0); - ASSERT_COMPARE(bufx, 2, one, 2); + limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + + ASSERT_COMPARE(bufx, ciL, one, ciL); + /*Borrow the buffer of A to compare the left lims with 0 */ + memset(A, 0, limbs * ciL); + ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); exit: From 68ef1d6ee68c23ec20b14bd4588d8fb5034013ac Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 18 May 2023 20:49:03 +0100 Subject: [PATCH 287/483] Remove DIY SIZE_MAX definitions Signed-off-by: Dave Rodgman --- library/base64.c | 8 ++++---- library/bignum.c | 4 +--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/library/base64.c b/library/base64.c index 4170610642..3eb9e7cc55 100644 --- a/library/base64.c +++ b/library/base64.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#include + #include "common.h" #if defined(MBEDTLS_BASE64_C) @@ -31,8 +33,6 @@ #include "mbedtls/platform.h" #endif /* MBEDTLS_SELF_TEST */ -#define BASE64_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */ - /* * Encode a buffer into base64 format */ @@ -50,8 +50,8 @@ int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, n = slen / 3 + (slen % 3 != 0); - if (n > (BASE64_SIZE_T_MAX - 1) / 4) { - *olen = BASE64_SIZE_T_MAX; + if (n > (SIZE_MAX - 1) / 4) { + *olen = SIZE_MAX; return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; } diff --git a/library/bignum.c b/library/bignum.c index e686a1ba23..36effaf8da 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -54,8 +54,6 @@ #define MPI_VALIDATE(cond) \ MBEDTLS_INTERNAL_VALIDATE(cond) -#define MPI_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */ - /* Implementation that should never be optimized out by the compiler */ static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) { @@ -416,7 +414,7 @@ int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) slen = strlen(s); if (radix == 16) { - if (slen > MPI_SIZE_T_MAX >> 2) { + if (slen > SIZE_MAX >> 2) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } From 5fc78465075fb2b447a8224962c69faad497797a Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 27 Apr 2023 13:16:55 +0000 Subject: [PATCH 288/483] Add add_sub test cases for named moduli curves Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 61 +++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index e5dddc4023..d22be43a12 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1596,7 +1596,6 @@ void ecp_mod_mul_inv(char *input_A, int id, int ctype) memset(A, 0, limbs * ciL); ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL); - exit: mbedtls_mpi_mod_modulus_free(&m); mbedtls_mpi_mod_residue_release(&rA); @@ -1608,3 +1607,63 @@ exit: mbedtls_free(bufx); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype, int iret) +{ + int ret; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init(&m); + mbedtls_mpi_uint *p_A = NULL; + mbedtls_mpi_uint *p_B = NULL; + mbedtls_mpi_uint *p_S = NULL; + mbedtls_mpi_mod_residue rA = { NULL, 0 }; + mbedtls_mpi_mod_residue rB = { NULL, 0 }; + mbedtls_mpi_mod_residue rS = { NULL, 0 }; + size_t p_limbs; + size_t bytes; + + TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_limbs, input_A), 0); + + ret = mbedtls_ecp_modulus_setup(&m, id, ctype); + TEST_EQUAL(ret, iret); + + if (ret == 0) { + + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, p_limbs); + bytes = p_limbs * sizeof(mbedtls_mpi_uint); + + /* Test for validity of moduli by the presence of Montgomery consts */ + + TEST_ASSERT(m.rep.mont.mm != 0); + TEST_ASSERT(m.rep.mont.rr != NULL); + + ASSERT_ALLOC(p_S, p_limbs); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_limbs, input_B), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_limbs), 0); + + TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m)); + TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); + + + /* Compare output byte-by-byte */ + ASSERT_COMPARE(rA.p, bytes, rS.p, bytes); + + /* Test for user free-ing allocated memory */ + mbedtls_mpi_mod_modulus_free(&m); + } + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&rA); + mbedtls_mpi_mod_residue_release(&rB); + mbedtls_mpi_mod_residue_release(&rS); + mbedtls_free(p_A); + mbedtls_free(p_B); + mbedtls_free(p_S); +} +/* END_CASE */ From 9fe2587ccf226ae7df1216410f4be69e89a16a03 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 12 May 2023 03:51:47 +0000 Subject: [PATCH 289/483] Add add_sub test data for named moduli curves Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 112 +++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 5e5f0724ce..de078fa578 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1234,3 +1234,115 @@ ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffff ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits() in python must less than the named curves' modulus. +# mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements. +ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_add_sub:"340139fe4a67f2fa9a9a6b3eb89e50d002e8852f3ac13dc6":"edfb9290118dd3461d7df865e830509e76788d3cd99b0258":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_add_sub:"71327812f2d8a7ea7f0d258fa9aaef733c2678069c2524e3":"8228e66d05018523ef4a8f2964ed4c912b34dba258d899dd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_add_sub:"ecc169a94e1a332adecb9e9250fa7dec363c4600ca05edc5":"155701eb2ce23e09dd6707083f82d0daaa6f67221df330da":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_add_sub:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":"a7eb9830785787978aadb40c83795e481dde37b5c5fc63471ca87be9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_add_sub:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":"30a95280613513578ff6162003a6033660570bf4eb29af8c2fb62856":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_add_sub:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":"ac2f0be083e57886a0720250438b3593d480e9d88691376f61b34c23":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_add_sub:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":"c77db32dd33205cdccbbef48d026620a3bf8bdf1be26bc559ed97074df6a3c35":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_add_sub:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":"d6b501f03b97d8b8c87da16f4782d2a1141fdd04c402a82e8250068016b6fa42":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_add_sub:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":"f61f23353f7ff1a0709b94d9863dc9513975d019ae5e1d5f7e4ed0485031bf34":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_add_sub:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":"f6f83a84282b29760cea481c311394b06163ea7b3fb32b8623de587acecab3d6181b9efc9c611e488c2cfa0608244e7d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_add_sub:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":"501118699c219b612f3a1092ed1b6b34fa6eae762c6a492fb512e5b89d528845409e5b09ca1ff5ae33a1a1876676cc78":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_add_sub:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":"65d74acbc7e6c3700ee4bfaeb4c9d2643e73d07e0ff416876b944087606560d1b9b0af1a2b3ff3f02f80f76fc5c1cf60":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_add_sub:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":"c1a19bbedad2873d20c92e8d7a6b639b601ffc86ad0f1e2f28b5b85853c00455d35301179c9303579bf72f2f0bdbd017dd665e5448e21d1d157fadf47845cd3c43":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_add_sub:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":"19c137d65805dae62a80eec878420b772c825f3ba93244230fea80e9cec2ef073d970c5c1f7544684e54d19ec9ce3ae064d75d1ffe31c67b36b477bd498d4c79314":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_add_sub:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":"4b727c53ac84e265d64a156f643e6a5eaf264b90efa258c65657086a6316481c43768596bc15c7e3891b0ef5c976fde802be8eb1c9adbf58bdc894935d81c9baed":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":"33eb3a8e03933a02b786bade686d3399f5b7ef9f36401fb7f5e398b7d66c81ae":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":"6275f327b371baa38c4830c10ed8dcf470918ee113dbdb54aeecac4407821ec1":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":"8f068ef36d063355c4aa2dc407d5f13d941681994e88f1b37000eb77cc323568":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":"3f5dd2814cd77a4c6b0498d4cff1278ee5b23e0f35f7a51dc563d6422e6c70ff":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":"3c0b7770a0a71ab40307387b7ed50cd11c842de1899fde73ee26a2be7c10555b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":"7e27ace7d1431b1acb5887212e8c7ea11a66817a582b9800e994bd0d43ba4756":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":"4f212fc07fd99090ea825b78602786d9a2322a0e5aa21e175c7d8f82d72d002cb55518f8deeffb227bf2fa4315a54552":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":"7540b21c067768b092c0b353d40f82701743c220cc90085ee74303e4552a478c93470a623f4bd83c3d740d037fb18eed":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + + +ecp_add_sub #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":"68d46a69a1b828e5099dc54f8b302f4e8998c51fc9228d4fdd0d782e8d6735aa2df7c604225483e9390548983e03fcc1":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":"3355ff1fbf1dd347f1bd321d0e41887802e8f28bdf4d4c6ec392dca4cf8e612428c1f805fde0207fe3e53a342f437864":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":"659408567a79795f84ac799726adeaa1a88053daf8f71452a27ee136d3b912d85c0bf63d14e892964f07b1932f6d566b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":"806a6dc5282a42114dbcb10eb3cd87bfeab2bf4e6cd9ba1810725141145e9661656578604b94f665755580008890c71f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + From 4dd1c0a475f0c0c8f08aefb3369a447fc76bf5cb Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 12 May 2023 10:57:28 +0000 Subject: [PATCH 290/483] Add test data for ecp_add_sub Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index de078fa578..bd8ae5d946 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1346,3 +1346,87 @@ ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_add_sub:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":"806a6dc5282a42114dbcb10eb3cd87bfeab2bf4e6cd9ba1810725141145e9661656578604b94f665755580008890c71f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_add_sub #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":"2dcb8bdae089b8a1d2cbb147a2c0e7daedef3425b20c220dbc3d9ff5f36640d3687abe9ef173b3a4fcd94f4c0c5ea348864985c7f40bd5444f5c66063cb986bc":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":"36074851bc5a348971ea98f28bf04fe46713a4e0b7a834b96476e3306f808ab3d002b65e16e0478e27d10af5538ec77b5d809ec2b1196d930619b48155c9f6cd":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":"8072004af6d9d33e8c5954284a4386a23000b50afb95047209c5fdca518706f784b66b6b7dd2705b51e037391515dddbd75295f461da0fb4f9b6f57b8d718c45":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_add_sub #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":"9da4c17ac850d4f63f8d3161623765b604c628cefb0126047676db1af1947231717259cd6d08273384c2452564da4b7ecbaaa72696b6c80f74d30c57a77fbe8b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":"6866102f6694a10f74c811a24138c43ce32c887ba3e03815215bc0852f31da2534a0e4d373910863bc72e5151270dd409a0ad49b36a54cac8242144059e2e1e8":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":"6b7cfddae0a3a1a0ac747844fd7254736e85983f8fcddbbd4b95da6b66985ed0c6934a6a1047c431cdc4ba5b9699a6be0f98bb5970ab0d0737e1bd2d148ab3d5":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_add_sub:"0283877635fb4712d31e176ae3bfc2bbd63c1e4a498d2ed41ed6f9c691b2ce55":"01ceebebd76cf3324bd69a3e36338682a4432ced6ecfd604c61f06a0a785fcf9":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_add_sub:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":"0512bcda8d3b5ef3e6ba37996f0bf5ad7b019e56bc65025115b4b0845c84223":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_add_sub:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":"062fa75ae67f3463c9eebce624f9d8ba6644a05b078cd976ecd710f9bc43a347":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_add_sub:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":"8f03bee76599feb4aaf0e67df83ff8851ec97047ef328e78":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_add_sub:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":"f4d8e3b71eee5bb8cf08fb85f0eb73a9172f95f3d25c86a1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_add_sub:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":"32129cb349733a118cdfb66dd1222dadf9e187f5ca4e97ab":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_add_sub:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":"0c1519a55899488ed1e4ee192b7de22dd30303a8014f10f87581dd769":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_add_sub:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":"0c96ffe83bfb73df893cac1dd18ddba0784281feed985930eb18e1211":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"0c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_add_sub:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":"2a0f3c405959a0df24a1c24d0e50bc27d73d377ef7aa17fb398e6ee50eca9cda":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_add_sub:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":"61ebb4588eb06389bf3ea55a6af66179ca8d5ca071c120aa27f592621d1f42d2":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_add_sub:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":"b76684acd0c06df6b397a52d592728718ab4dbdb0bc1bd9877f790dfa807b5a5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff113c3c73012694226d0fa5634209c67c319871c13da14288ea5d40d0":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff295b0df3935816d53eb20f209a324c61d1656f6f78f75d857d67ef0c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff46daf5f8d9477b655aa45d424af0d2c450f1d7749ae62b5f9c20b12a":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + From 61b0c1c3dd45e90f01ffeb608d9d702f704a9b11 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 17 May 2023 09:57:57 +0000 Subject: [PATCH 291/483] Refine code to align with the styles of ecp_mod_mul_inv Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 55 +++++++++++----------------- 1 file changed, 22 insertions(+), 33 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index d22be43a12..346a015f62 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1611,51 +1611,40 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype, int iret) { - int ret; + size_t p_limbs; + size_t bytes; mbedtls_mpi_mod_modulus m; - mbedtls_mpi_mod_modulus_init(&m); + mbedtls_mpi_mod_residue rA; + mbedtls_mpi_mod_residue rB; + mbedtls_mpi_mod_residue rS; mbedtls_mpi_uint *p_A = NULL; mbedtls_mpi_uint *p_B = NULL; mbedtls_mpi_uint *p_S = NULL; - mbedtls_mpi_mod_residue rA = { NULL, 0 }; - mbedtls_mpi_mod_residue rB = { NULL, 0 }; - mbedtls_mpi_mod_residue rS = { NULL, 0 }; - size_t p_limbs; - size_t bytes; + + ((void) iret); + + mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_limbs, input_A), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_limbs, input_B), 0); - ret = mbedtls_ecp_modulus_setup(&m, id, ctype); - TEST_EQUAL(ret, iret); + TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); - if (ret == 0) { + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, p_limbs); + bytes = p_limbs * sizeof(mbedtls_mpi_uint); - /* Test for limb sizes */ - TEST_EQUAL(m.limbs, p_limbs); - bytes = p_limbs * sizeof(mbedtls_mpi_uint); + ASSERT_ALLOC(p_S, p_limbs); - /* Test for validity of moduli by the presence of Montgomery consts */ + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_limbs), 0); - TEST_ASSERT(m.rep.mont.mm != 0); - TEST_ASSERT(m.rep.mont.rr != NULL); + TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m)); + TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); - ASSERT_ALLOC(p_S, p_limbs); - - TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_limbs, input_B), 0); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_limbs), 0); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_limbs), 0); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_limbs), 0); - - TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m)); - TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); - - - /* Compare output byte-by-byte */ - ASSERT_COMPARE(rA.p, bytes, rS.p, bytes); - - /* Test for user free-ing allocated memory */ - mbedtls_mpi_mod_modulus_free(&m); - } + /* Compare output byte-by-byte */ + ASSERT_COMPARE(rA.p, bytes, rS.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); From c304e53209913747d8a9166420f891c1ffb23b79 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 18 May 2023 07:46:59 +0000 Subject: [PATCH 292/483] Remove useless parameters for ecp_mod_add_sub Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 96 ++++++++++++++-------------- tests/suites/test_suite_ecp.function | 4 +- 2 files changed, 49 insertions(+), 51 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index bd8ae5d946..1e1d055e93 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1239,194 +1239,194 @@ ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffff # mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements. ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"340139fe4a67f2fa9a9a6b3eb89e50d002e8852f3ac13dc6":"edfb9290118dd3461d7df865e830509e76788d3cd99b0258":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"340139fe4a67f2fa9a9a6b3eb89e50d002e8852f3ac13dc6":"edfb9290118dd3461d7df865e830509e76788d3cd99b0258":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"71327812f2d8a7ea7f0d258fa9aaef733c2678069c2524e3":"8228e66d05018523ef4a8f2964ed4c912b34dba258d899dd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"71327812f2d8a7ea7f0d258fa9aaef733c2678069c2524e3":"8228e66d05018523ef4a8f2964ed4c912b34dba258d899dd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"ecc169a94e1a332adecb9e9250fa7dec363c4600ca05edc5":"155701eb2ce23e09dd6707083f82d0daaa6f67221df330da":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"ecc169a94e1a332adecb9e9250fa7dec363c4600ca05edc5":"155701eb2ce23e09dd6707083f82d0daaa6f67221df330da":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":"a7eb9830785787978aadb40c83795e481dde37b5c5fc63471ca87be9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":"a7eb9830785787978aadb40c83795e481dde37b5c5fc63471ca87be9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":"30a95280613513578ff6162003a6033660570bf4eb29af8c2fb62856":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":"30a95280613513578ff6162003a6033660570bf4eb29af8c2fb62856":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":"ac2f0be083e57886a0720250438b3593d480e9d88691376f61b34c23":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":"ac2f0be083e57886a0720250438b3593d480e9d88691376f61b34c23":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":"c77db32dd33205cdccbbef48d026620a3bf8bdf1be26bc559ed97074df6a3c35":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":"c77db32dd33205cdccbbef48d026620a3bf8bdf1be26bc559ed97074df6a3c35":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":"d6b501f03b97d8b8c87da16f4782d2a1141fdd04c402a82e8250068016b6fa42":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":"d6b501f03b97d8b8c87da16f4782d2a1141fdd04c402a82e8250068016b6fa42":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":"f61f23353f7ff1a0709b94d9863dc9513975d019ae5e1d5f7e4ed0485031bf34":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":"f61f23353f7ff1a0709b94d9863dc9513975d019ae5e1d5f7e4ed0485031bf34":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":"f6f83a84282b29760cea481c311394b06163ea7b3fb32b8623de587acecab3d6181b9efc9c611e488c2cfa0608244e7d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":"f6f83a84282b29760cea481c311394b06163ea7b3fb32b8623de587acecab3d6181b9efc9c611e488c2cfa0608244e7d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":"501118699c219b612f3a1092ed1b6b34fa6eae762c6a492fb512e5b89d528845409e5b09ca1ff5ae33a1a1876676cc78":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":"501118699c219b612f3a1092ed1b6b34fa6eae762c6a492fb512e5b89d528845409e5b09ca1ff5ae33a1a1876676cc78":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":"65d74acbc7e6c3700ee4bfaeb4c9d2643e73d07e0ff416876b944087606560d1b9b0af1a2b3ff3f02f80f76fc5c1cf60":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":"65d74acbc7e6c3700ee4bfaeb4c9d2643e73d07e0ff416876b944087606560d1b9b0af1a2b3ff3f02f80f76fc5c1cf60":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":"c1a19bbedad2873d20c92e8d7a6b639b601ffc86ad0f1e2f28b5b85853c00455d35301179c9303579bf72f2f0bdbd017dd665e5448e21d1d157fadf47845cd3c43":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":"c1a19bbedad2873d20c92e8d7a6b639b601ffc86ad0f1e2f28b5b85853c00455d35301179c9303579bf72f2f0bdbd017dd665e5448e21d1d157fadf47845cd3c43":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":"19c137d65805dae62a80eec878420b772c825f3ba93244230fea80e9cec2ef073d970c5c1f7544684e54d19ec9ce3ae064d75d1ffe31c67b36b477bd498d4c79314":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":"19c137d65805dae62a80eec878420b772c825f3ba93244230fea80e9cec2ef073d970c5c1f7544684e54d19ec9ce3ae064d75d1ffe31c67b36b477bd498d4c79314":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":"4b727c53ac84e265d64a156f643e6a5eaf264b90efa258c65657086a6316481c43768596bc15c7e3891b0ef5c976fde802be8eb1c9adbf58bdc894935d81c9baed":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":"4b727c53ac84e265d64a156f643e6a5eaf264b90efa258c65657086a6316481c43768596bc15c7e3891b0ef5c976fde802be8eb1c9adbf58bdc894935d81c9baed":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":"33eb3a8e03933a02b786bade686d3399f5b7ef9f36401fb7f5e398b7d66c81ae":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":"33eb3a8e03933a02b786bade686d3399f5b7ef9f36401fb7f5e398b7d66c81ae":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":"6275f327b371baa38c4830c10ed8dcf470918ee113dbdb54aeecac4407821ec1":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":"6275f327b371baa38c4830c10ed8dcf470918ee113dbdb54aeecac4407821ec1":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":"8f068ef36d063355c4aa2dc407d5f13d941681994e88f1b37000eb77cc323568":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":"8f068ef36d063355c4aa2dc407d5f13d941681994e88f1b37000eb77cc323568":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":"3f5dd2814cd77a4c6b0498d4cff1278ee5b23e0f35f7a51dc563d6422e6c70ff":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":"3f5dd2814cd77a4c6b0498d4cff1278ee5b23e0f35f7a51dc563d6422e6c70ff":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":"3c0b7770a0a71ab40307387b7ed50cd11c842de1899fde73ee26a2be7c10555b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":"3c0b7770a0a71ab40307387b7ed50cd11c842de1899fde73ee26a2be7c10555b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":"7e27ace7d1431b1acb5887212e8c7ea11a66817a582b9800e994bd0d43ba4756":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":"7e27ace7d1431b1acb5887212e8c7ea11a66817a582b9800e994bd0d43ba4756":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":"4f212fc07fd99090ea825b78602786d9a2322a0e5aa21e175c7d8f82d72d002cb55518f8deeffb227bf2fa4315a54552":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":"4f212fc07fd99090ea825b78602786d9a2322a0e5aa21e175c7d8f82d72d002cb55518f8deeffb227bf2fa4315a54552":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":"7540b21c067768b092c0b353d40f82701743c220cc90085ee74303e4552a478c93470a623f4bd83c3d740d037fb18eed":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":"7540b21c067768b092c0b353d40f82701743c220cc90085ee74303e4552a478c93470a623f4bd83c3d740d037fb18eed":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":"68d46a69a1b828e5099dc54f8b302f4e8998c51fc9228d4fdd0d782e8d6735aa2df7c604225483e9390548983e03fcc1":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":"68d46a69a1b828e5099dc54f8b302f4e8998c51fc9228d4fdd0d782e8d6735aa2df7c604225483e9390548983e03fcc1":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":"3355ff1fbf1dd347f1bd321d0e41887802e8f28bdf4d4c6ec392dca4cf8e612428c1f805fde0207fe3e53a342f437864":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":"3355ff1fbf1dd347f1bd321d0e41887802e8f28bdf4d4c6ec392dca4cf8e612428c1f805fde0207fe3e53a342f437864":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":"659408567a79795f84ac799726adeaa1a88053daf8f71452a27ee136d3b912d85c0bf63d14e892964f07b1932f6d566b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":"659408567a79795f84ac799726adeaa1a88053daf8f71452a27ee136d3b912d85c0bf63d14e892964f07b1932f6d566b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":"806a6dc5282a42114dbcb10eb3cd87bfeab2bf4e6cd9ba1810725141145e9661656578604b94f665755580008890c71f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":"806a6dc5282a42114dbcb10eb3cd87bfeab2bf4e6cd9ba1810725141145e9661656578604b94f665755580008890c71f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":"2dcb8bdae089b8a1d2cbb147a2c0e7daedef3425b20c220dbc3d9ff5f36640d3687abe9ef173b3a4fcd94f4c0c5ea348864985c7f40bd5444f5c66063cb986bc":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":"2dcb8bdae089b8a1d2cbb147a2c0e7daedef3425b20c220dbc3d9ff5f36640d3687abe9ef173b3a4fcd94f4c0c5ea348864985c7f40bd5444f5c66063cb986bc":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":"36074851bc5a348971ea98f28bf04fe46713a4e0b7a834b96476e3306f808ab3d002b65e16e0478e27d10af5538ec77b5d809ec2b1196d930619b48155c9f6cd":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":"36074851bc5a348971ea98f28bf04fe46713a4e0b7a834b96476e3306f808ab3d002b65e16e0478e27d10af5538ec77b5d809ec2b1196d930619b48155c9f6cd":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":"8072004af6d9d33e8c5954284a4386a23000b50afb95047209c5fdca518706f784b66b6b7dd2705b51e037391515dddbd75295f461da0fb4f9b6f57b8d718c45":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 +ecp_mod_add_sub:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":"8072004af6d9d33e8c5954284a4386a23000b50afb95047209c5fdca518706f784b66b6b7dd2705b51e037391515dddbd75295f461da0fb4f9b6f57b8d718c45":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":"9da4c17ac850d4f63f8d3161623765b604c628cefb0126047676db1af1947231717259cd6d08273384c2452564da4b7ecbaaa72696b6c80f74d30c57a77fbe8b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":"9da4c17ac850d4f63f8d3161623765b604c628cefb0126047676db1af1947231717259cd6d08273384c2452564da4b7ecbaaa72696b6c80f74d30c57a77fbe8b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":"6866102f6694a10f74c811a24138c43ce32c887ba3e03815215bc0852f31da2534a0e4d373910863bc72e5151270dd409a0ad49b36a54cac8242144059e2e1e8":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":"6866102f6694a10f74c811a24138c43ce32c887ba3e03815215bc0852f31da2534a0e4d373910863bc72e5151270dd409a0ad49b36a54cac8242144059e2e1e8":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":"6b7cfddae0a3a1a0ac747844fd7254736e85983f8fcddbbd4b95da6b66985ed0c6934a6a1047c431cdc4ba5b9699a6be0f98bb5970ab0d0737e1bd2d148ab3d5":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":"6b7cfddae0a3a1a0ac747844fd7254736e85983f8fcddbbd4b95da6b66985ed0c6934a6a1047c431cdc4ba5b9699a6be0f98bb5970ab0d0737e1bd2d148ab3d5":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"0283877635fb4712d31e176ae3bfc2bbd63c1e4a498d2ed41ed6f9c691b2ce55":"01ceebebd76cf3324bd69a3e36338682a4432ced6ecfd604c61f06a0a785fcf9":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0283877635fb4712d31e176ae3bfc2bbd63c1e4a498d2ed41ed6f9c691b2ce55":"01ceebebd76cf3324bd69a3e36338682a4432ced6ecfd604c61f06a0a785fcf9":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":"0512bcda8d3b5ef3e6ba37996f0bf5ad7b019e56bc65025115b4b0845c84223":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":"0512bcda8d3b5ef3e6ba37996f0bf5ad7b019e56bc65025115b4b0845c84223":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":"062fa75ae67f3463c9eebce624f9d8ba6644a05b078cd976ecd710f9bc43a347":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":"062fa75ae67f3463c9eebce624f9d8ba6644a05b078cd976ecd710f9bc43a347":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":"8f03bee76599feb4aaf0e67df83ff8851ec97047ef328e78":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":"8f03bee76599feb4aaf0e67df83ff8851ec97047ef328e78":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":"f4d8e3b71eee5bb8cf08fb85f0eb73a9172f95f3d25c86a1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":"f4d8e3b71eee5bb8cf08fb85f0eb73a9172f95f3d25c86a1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":"32129cb349733a118cdfb66dd1222dadf9e187f5ca4e97ab":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":"32129cb349733a118cdfb66dd1222dadf9e187f5ca4e97ab":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":"0c1519a55899488ed1e4ee192b7de22dd30303a8014f10f87581dd769":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":"0c1519a55899488ed1e4ee192b7de22dd30303a8014f10f87581dd769":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":"0c96ffe83bfb73df893cac1dd18ddba0784281feed985930eb18e1211":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":"0c96ffe83bfb73df893cac1dd18ddba0784281feed985930eb18e1211":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"0c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"0c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":"2a0f3c405959a0df24a1c24d0e50bc27d73d377ef7aa17fb398e6ee50eca9cda":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":"2a0f3c405959a0df24a1c24d0e50bc27d73d377ef7aa17fb398e6ee50eca9cda":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":"61ebb4588eb06389bf3ea55a6af66179ca8d5ca071c120aa27f592621d1f42d2":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":"61ebb4588eb06389bf3ea55a6af66179ca8d5ca071c120aa27f592621d1f42d2":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":"b76684acd0c06df6b397a52d592728718ab4dbdb0bc1bd9877f790dfa807b5a5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":"b76684acd0c06df6b397a52d592728718ab4dbdb0bc1bd9877f790dfa807b5a5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff113c3c73012694226d0fa5634209c67c319871c13da14288ea5d40d0":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff113c3c73012694226d0fa5634209c67c319871c13da14288ea5d40d0":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff295b0df3935816d53eb20f209a324c61d1656f6f78f75d857d67ef0c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff295b0df3935816d53eb20f209a324c61d1656f6f78f75d857d67ef0c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff46daf5f8d9477b655aa45d424af0d2c450f1d7749ae62b5f9c20b12a":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 +ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff46daf5f8d9477b655aa45d424af0d2c450f1d7749ae62b5f9c20b12a":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 346a015f62..3f810d2e8a 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1609,7 +1609,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ -void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype, int iret) +void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) { size_t p_limbs; size_t bytes; @@ -1621,8 +1621,6 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype, int iret) mbedtls_mpi_uint *p_B = NULL; mbedtls_mpi_uint *p_S = NULL; - ((void) iret); - mbedtls_mpi_mod_modulus_init(&m); TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_limbs, input_A), 0); From 6d02c2fefc9decd229803bb6a01a9c47e81eafd9 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 18 May 2023 09:35:25 +0000 Subject: [PATCH 293/483] Compare the libs of two input value and add comments Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 3f810d2e8a..69cd4e5adc 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1611,7 +1611,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) { - size_t p_limbs; + size_t p_A_limbs; + size_t p_B_limbs; size_t bytes; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue rA; @@ -1623,25 +1624,28 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) mbedtls_mpi_mod_modulus_init(&m); - TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_limbs, input_A), 0); - TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_limbs, input_B), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_A_limbs, input_A), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_B_limbs, input_B), 0); TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); - /* Test for limb sizes */ - TEST_EQUAL(m.limbs, p_limbs); - bytes = p_limbs * sizeof(mbedtls_mpi_uint); + /* Test for limb sizes for two input value and modulus */ + TEST_EQUAL(p_A_limbs, p_B_limbs); + TEST_EQUAL(m.limbs, p_A_limbs); + bytes = p_A_limbs * ciL; - ASSERT_ALLOC(p_S, p_limbs); + ASSERT_ALLOC(p_S, p_A_limbs); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_limbs), 0); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_limbs), 0); - TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0); + TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_A_limbs), 0); + /* Firstly add A and B to get the summary S, then subtract B, + * the difference should be equal to A*/ TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m)); TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); - /* Compare output byte-by-byte */ + /* Compare difference with rA byte-by-byte */ ASSERT_COMPARE(rA.p, bytes, rS.p, bytes); exit: From bead774daa8ea4319206551227a0c577e61646aa Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 19 May 2023 02:13:05 +0000 Subject: [PATCH 294/483] Fix the limb mismatch issue on 32-bit platform Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 1e1d055e93..2f40bd60e9 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1404,7 +1404,7 @@ ecp_mod_add_sub:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":"0c9 ecp_add_sub #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"0c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"01c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED From be860a14cea22c6839cf7d95f51ada1297cb42db Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Fri, 19 May 2023 07:06:09 +0000 Subject: [PATCH 295/483] Generate test data with special seed 2,3,4 Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 108 ++++++++++++++++--------------- 1 file changed, 57 insertions(+), 51 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 2f40bd60e9..22493dbe41 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1235,198 +1235,204 @@ ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python must less than the named curves' modulus. -# mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements. +# The following data be generated by random.getrandbits() in python with seed(2,2), and they must be +# less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() can be used to check whether it +# satisfy the requirements. ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"340139fe4a67f2fa9a9a6b3eb89e50d002e8852f3ac13dc6":"edfb9290118dd3461d7df865e830509e76788d3cd99b0258":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":"cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"71327812f2d8a7ea7f0d258fa9aaef733c2678069c2524e3":"8228e66d05018523ef4a8f2964ed4c912b34dba258d899dd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f":"ffed9235288bc781ae66267594c9c9500925e4749b575bd1":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED -ecp_mod_add_sub:"ecc169a94e1a332adecb9e9250fa7dec363c4600ca05edc5":"155701eb2ce23e09dd6707083f82d0daaa6f67221df330da":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"dc38f519b91751dacdbd47d364be8049a372db8f6e405d93":"ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":"a7eb9830785787978aadb40c83795e481dde37b5c5fc63471ca87be9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"706a045defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2":"6c71c4a66148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":"30a95280613513578ff6162003a6033660570bf4eb29af8c2fb62856":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"3c7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c5055":"829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e3":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED -ecp_mod_add_sub:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":"ac2f0be083e57886a0720250438b3593d480e9d88691376f61b34c23":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"2e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0":"867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b3":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":"c77db32dd33205cdccbbef48d026620a3bf8bdf1be26bc559ed97074df6a3c35":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561":"665d7435c1066932f4767f26294365b2721dea3bf63f23d0dbe53fcafb2147df":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":"d6b501f03b97d8b8c87da16f4782d2a1141fdd04c402a82e8250068016b6fa42":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2bd143fa9b714210c":"a9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecp_mod_add_sub:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":"f61f23353f7ff1a0709b94d9863dc9513975d019ae5e1d5f7e4ed0485031bf34":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a74667bffe202849d":"f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":"f6f83a84282b29760cea481c311394b06163ea7b3fb32b8623de587acecab3d6181b9efc9c611e488c2cfa0608244e7d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"7ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460":"9da59b74a6c3181c81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f8777":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":"501118699c219b612f3a1092ed1b6b34fa6eae762c6a492fb512e5b89d528845409e5b09ca1ff5ae33a1a1876676cc78":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"e1cf4f589f8e4ce0af29d115ef24bd625dd961e6830b54fa7d28f93435339774bb1e386c4fd5079e681b8f5896838b76":"1b2d19a2beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd0227eeb7b9d7d01f5769da05d205bbfcc8c69069134bccd3":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecp_mod_add_sub:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":"65d74acbc7e6c3700ee4bfaeb4c9d2643e73d07e0ff416876b944087606560d1b9b0af1a2b3ff3f02f80f76fc5c1cf60":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"c11e60de1b343f52ea748db9e020307aaeb6db2c3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a8":"e5e138e26c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe440e2b4fda9c025a22f1a83185b98f5f":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":"c1a19bbedad2873d20c92e8d7a6b639b601ffc86ad0f1e2f28b5b85853c00455d35301179c9303579bf72f2f0bdbd017dd665e5448e21d1d157fadf47845cd3c43":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"1ba0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b263fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332":"1cb0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":"19c137d65805dae62a80eec878420b772c825f3ba93244230fea80e9cec2ef073d970c5c1f7544684e54d19ec9ce3ae064d75d1ffe31c67b36b477bd498d4c79314":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"177d1f71575653a45c49390aa51cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71581d8e830112ff0f0948eccaf8877acf26c377c13f719726fd70bdda":"1f5790813e32748dd1db4917fc09f20dbb0dcc93f0e66dfe717c17313394391b6e2e6eacb0f0bb7be72bd6d25009aeb7fa0c4169b148d2f527e72daf0a54ef25c07":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecp_mod_add_sub:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":"4b727c53ac84e265d64a156f643e6a5eaf264b90efa258c65657086a6316481c43768596bc15c7e3891b0ef5c976fde802be8eb1c9adbf58bdc894935d81c9baed":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"164c7f3860895bfa81384ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd":"1f58ed5d1b7b310b730049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR +# The following data be generated by random.getrandbits() in python with seed(3,2) ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":"33eb3a8e03933a02b786bade686d3399f5b7ef9f36401fb7f5e398b7d66c81ae":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"795b929e9a9a80fdea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd":"781f9c58d6645fa9e8a8529f035efa259b08923d10c67fd994b2b8fda02f34a6":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":"6275f327b371baa38c4830c10ed8dcf470918ee113dbdb54aeecac4407821ec1":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"8a7d43b578633074b7970386fee29476311624273bfd1d338d0038ec42650644":"3b5f3d86268ecc45dc6bf1e1a399f82a65aa9c8279f248b08cb4a0d7d6225675":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":"8f068ef36d063355c4aa2dc407d5f13d941681994e88f1b37000eb77cc323568":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"3e0a813bdc2ae9963d2e49085ef3430ed038db4de38378426d0b944a2863a7f":"af438d297524d6af51e8722c21b609228ce6f2410645d51c6f8da3eabe19f58":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":"3f5dd2814cd77a4c6b0498d4cff1278ee5b23e0f35f7a51dc563d6422e6c70ff":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"984181177906159644f9794cdd933160d2d5844307f062cec7b317d94d1fe09f":"6d4b9adbebcd1f5ec9c18070b6d13089633a50eee0f9e038eb8f624fb804d820":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":"3c0b7770a0a71ab40307387b7ed50cd11c842de1899fde73ee26a2be7c10555b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"2257989fef829c88f6ced90a71d2af7293b05a04cd085b71ba6676b3651c5253":"420b0ebe378c74dc7eb0adf422cedafb092fdddf18f2c41c5d92b243e0fd67dd":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -ecp_mod_add_sub:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":"7e27ace7d1431b1acb5887212e8c7ea11a66817a582b9800e994bd0d43ba4756":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"6bd0638b4d100d8fdaf0105ba06c05a1c76abf436fa84dcaac0ae4e2f729b4c8":"6856e45b95c76ab488bafad959d5450592f3277b62c82185d55ec1a581daad10":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":"4f212fc07fd99090ea825b78602786d9a2322a0e5aa21e175c7d8f82d72d002cb55518f8deeffb227bf2fa4315a54552":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"4a5792b26aba54efa25994fc58aaac8176f7f138456bb11bd997c6f7cb3a88f684b5b4de4abcc4e46bd881fd21334eb0":"454608a5737b6ed79182c3c8e288b16437d02410a675a109bdf84ab55632a44614777e962b56363cf5efd434db045aae":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":"7540b21c067768b092c0b353d40f82701743c220cc90085ee74303e4552a478c93470a623f4bd83c3d740d037fb18eed":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE - +ecp_mod_add_sub:"439e7fa9987aa6bdd805f5d25e80dfffc2134f15500b2f292f6c48f65d2c29382d6b76db51ed2f1599f8eee797b9580f":"21a4cadebc344f4baf091db491bae46af8abffd606e44edfd0247e4cc5b3b5d31ad8df8e608d9499c98c9e514ce74654":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":"68d46a69a1b828e5099dc54f8b302f4e8998c51fc9228d4fdd0d782e8d6735aa2df7c604225483e9390548983e03fcc1":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"7d500f7cbcefd0a747679714b4fab1019bde81635a427c37ead6b3cbade562bc5a58b185775c303c551b7f9da0996d52":"4c736db374d0df35a0c2995f40498cb35e819615f69b31ce0570ceeead0faadaf47076520f81f60c96e1689405adc011":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":"3355ff1fbf1dd347f1bd321d0e41887802e8f28bdf4d4c6ec392dca4cf8e612428c1f805fde0207fe3e53a342f437864":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"1aa4b64091b1078e926baeafe79a27e68ab12c32f6f22f41538e504edc52bdcab2d87d5e29c0e596b2109307abd8952c":"846008638daf051b79e4444ed6897d8fc5ab8f2f33dc30a8f1233c76f31b6928298956cfca65f8e9f66ad57e1464134":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":"659408567a79795f84ac799726adeaa1a88053daf8f71452a27ee136d3b912d85c0bf63d14e892964f07b1932f6d566b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"7b6471e2103ef3c21fdaf62548f2f8ed445fad2a92d3043afcf249f3d4e441c3a20ab57c360c4979a7cf94d7b6bcb64f":"897897da86640cb0051490eaa9b38f203d3221cc4cc576f280d0dfba2bfc7ffd1eeda989becbde017b25f34a035d7017":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -ecp_mod_add_sub:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":"806a6dc5282a42114dbcb10eb3cd87bfeab2bf4e6cd9ba1810725141145e9661656578604b94f665755580008890c71f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"526ef7026988f4fe5a8181b691406be110d7c25ccf3d0b35815a3d516a91f397bc73a83fd63ed5ba385ac4bda9bf98c":"8a7db67fdc960f12f8d45cb940a230e6201a95cc5762e3571d140ed89cb6c63de9bfec51f06516210da1920569eb8cb4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":"2dcb8bdae089b8a1d2cbb147a2c0e7daedef3425b20c220dbc3d9ff5f36640d3687abe9ef173b3a4fcd94f4c0c5ea348864985c7f40bd5444f5c66063cb986bc":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"46150f34caab02c83d4d071b2bda77121e84949cd11a8404e33c37f188ddf9181f49e090328475a738868e9b5a124b1d0fb5d240c846756acfc1d5507a299d74":"4ca44e40943e5a2248d4a701f3d13a7bb243f13dd61005357b5f2ea9ac6cc64e1d76f9d1d80caa4d068508d51f0c6f07da305f2cd76ee016576b7da1060344bf":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":"36074851bc5a348971ea98f28bf04fe46713a4e0b7a834b96476e3306f808ab3d002b65e16e0478e27d10af5538ec77b5d809ec2b1196d930619b48155c9f6cd":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"3f8de0e1457a46a7c1a9425a0cc8557466789723dcd06050922631c6a0ec66f37ccce34401ebd454ebb679b4d2d0d09720e469aace595c72e3bf018debf8e3d9":"a2fd39d9615906a78a943011c859e78da6782c0b9abc3e5b75f828935f8eec2c0aff87582db5db0591157d5f1474683acb984da361574803b9191d5cb74e9504":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":"8072004af6d9d33e8c5954284a4386a23000b50afb95047209c5fdca518706f784b66b6b7dd2705b51e037391515dddbd75295f461da0fb4f9b6f57b8d718c45":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE +ecp_mod_add_sub:"125fdb0f50884d442833e1d550de93987d7015fc808aefcf83f18d61160c7c39b674c4f4dabd2a4c08736a21f985732a7b99a1261183c1860cc1e0331fe78154":"6b153e7ab1b20f01f34624556ba6cc6d50a078d8b3effcadc29237ff7f03ca9ea0a0304d5f56ed310d95a7016e7ceb10e2f416a79f781c980b1ed724cd18e1a9":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE ecp_add_sub #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":"9da4c17ac850d4f63f8d3161623765b604c628cefb0126047676db1af1947231717259cd6d08273384c2452564da4b7ecbaaa72696b6c80f74d30c57a77fbe8b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"8da65a44ef3f7a401993edb1bfbc2a588df13f021b538e133d019261b7149706876cfe7c82e63e71904a896fc4758a8dff09f0150948f14b16baa014cc7ab32f":"731323ee13201b6215fa8a36d04d65c3974f6606cc57efacd9a68b4125321dc9703d20db1f69af34524ab0a892ca38f37f961cd3ebdc77a0496be3975f99ac4":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":"6866102f6694a10f74c811a24138c43ce32c887ba3e03815215bc0852f31da2534a0e4d373910863bc72e5151270dd409a0ad49b36a54cac8242144059e2e1e8":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"3c3a447d80144a61601545c415508f3cf76060ee6b104fc58e7fdffb59ac3e68f052e38f658a2d349975c9765e129a3740bdcb7464cb7c6cf14fc8f2c0e836c4":"2331df8142351e6ec69ae2d6308b24cbe3e255b43df9ba79411171b4da97fa8037a5ae35f56e539311bb4e07ace3ca83c6ff46a4b7ba6c95a5f3b3fa3c1a7547":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -ecp_mod_add_sub:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":"6b7cfddae0a3a1a0ac747844fd7254736e85983f8fcddbbd4b95da6b66985ed0c6934a6a1047c431cdc4ba5b9699a6be0f98bb5970ab0d0737e1bd2d148ab3d5":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"71bf2f08e9f7f9da70376bad2555e5ee6d966bcd5a91d4c949cc37677d2519b34ac7eb999581b2eb394c3b17ac666bfb292c157fdc0754a6b1d5f0224c3a235":"174907806c5d14842eea9771503c14af0b869300dd771fce2b72143f41483337ef0bfa78e656abc109691290dbcceb43acd62c6ab46977d09f355e742feb67af":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR +# The following data be generated by random.getrandbits() in python with seed(4,2) ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"0283877635fb4712d31e176ae3bfc2bbd63c1e4a498d2ed41ed6f9c691b2ce55":"01ceebebd76cf3324bd69a3e36338682a4432ced6ecfd604c61f06a0a785fcf9":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"01710cf527ac435a7a97c643656412a9b8a1abcd1a6916c74da4f9fc3c6da5d7":"0fd72445ccea71ff4a14876aeaff1a098ca5996666ceab360512bd1311072231":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":"0512bcda8d3b5ef3e6ba37996f0bf5ad7b019e56bc65025115b4b0845c84223":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"10000000000000000000000000000000110a8010ce80c4b0a4042bb3d4341aad":"1000000000000000000000000000000010a8c61e3184ff27459142deccea2645":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED -ecp_mod_add_sub:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":"062fa75ae67f3463c9eebce624f9d8ba6644a05b078cd976ecd710f9bc43a347":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"0c79d67946d4ac7a5c3902b38963dc6e8534f45738d048ec0f1099c6c3e1b258":"0690526ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed3addccb2c33be0a":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":"8f03bee76599feb4aaf0e67df83ff8851ec97047ef328e78":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0":"f1cfd99216df648647adec26793d0e453f5082492d83a823":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":"f4d8e3b71eee5bb8cf08fb85f0eb73a9172f95f3d25c86a1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"d8441b5616332aca5f552773e14b0190d93936e1daca3c06":"d7288ff68c320f89f1347e0cdd905ecfd160c5d0ef412ed6":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -ecp_mod_add_sub:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":"32129cb349733a118cdfb66dd1222dadf9e187f5ca4e97ab":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4":"b474c7e89286a1754abcb06ae8abb93f01d89a024cdce7a6":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":"0c1519a55899488ed1e4ee192b7de22dd30303a8014f10f87581dd769":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"069f85e3131f3b9238224b122c3e4a892d9196ada4fcfa583e1df8af9":"0a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac7671863c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":"0c96ffe83bfb73df893cac1dd18ddba0784281feed985930eb18e1211":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"03bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd6c79a3de":"032111ac1ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -ecp_mod_add_sub:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":"01c0747a090df5fa917948b74f1739e03849918522dcc0ba70bf6bf65":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"00bdbc23a14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38":"070ef55b1a1f65507a2909cb633e238b4e9dd38b869ace91311021c9e":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_add_sub #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_add_sub:"100000000000000000000000000006f985b17b9662f0733c846bbe9e8":"10000000000000000000000000000a26a52175b7a96b98b5fbf37a2be":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":"2a0f3c405959a0df24a1c24d0e50bc27d73d377ef7aa17fb398e6ee50eca9cda":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"5b69dc230af5ac870692b534758240df4a7a03052d733dcdef40af2e54c0ce68":"acdac615bc20f6264922b9ccf469aef8f6e7d078e55b85dd1525f363b281b888":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":"61ebb4588eb06389bf3ea55a6af66179ca8d5ca071c120aa27f592621d1f42d2":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"b54a23020fc5b043d6e4a51519d9c9cc52d32377e78131c132decd6b8efbc170":"272515cdf74c381652595daf49fbac3652a3b18104a7f00753be4721f5b9e1f5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -ecp_mod_add_sub:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":"b76684acd0c06df6b397a52d592728718ab4dbdb0bc1bd9877f790dfa807b5a5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b4708d9893a973000":"ae17584a9ed9c621de97faf0f17ca82cdc82f2526911c9dda6e46653c676176a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff113c3c73012694226d0fa5634209c67c319871c13da14288ea5d40d0":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"0000000000000003f28adf9f6396ae3994b971761b2ceba40031ad622ed93874ac034cf71b34e47e4e2aafd310096249e2387a54b1cef3913e7d611d163b764":"0000000000000003f924aec4a53583bff4788955cdb7f4ccde9d231c8a38e7b5d7d255f2b68beef746ccfcd0b77d43a5d02db430267ce8c92b607d554d08ce6":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff295b0df3935816d53eb20f209a324c61d1656f6f78f75d857d67ef0c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"0000000000000003f9874f82b2df98dbcb3fd500e2637300fecf10e0f30e0051d1615ad353a09cfeaa1b2956c8826ec350d775dfb53e13d7077b81d18dbb0c1":"0000000000000003fd5b8c21f4d4cc5091b5ffbff651b9052496e1e3fc24ec0952989c17d9c649a8bd5bb710a77ec0c9b44baf5264ed787f87a7976ad448abd":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_add_sub:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff46daf5f8d9477b655aa45d424af0d2c450f1d7749ae62b5f9c20b12a":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From f57007dd1edb3f323cf396c66204a69349509d6f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 13:54:39 +0200 Subject: [PATCH 296/483] pk: fixing and improving comments Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 21 ++++++++++++--------- library/pk_wrap.c | 2 +- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index f2cf9fed25..3a5543a3c1 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -202,16 +202,21 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif -/* Helper to define which fields in the pk_context structure below should be - * used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format. - * It should be noticed that this only affect how data is stored, not which - * functions are used for various operations. The overall picture looks like - * this: +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: * - if ECP_C is defined then use legacy functions * - if USE_PSA is defined and * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly * format and use PSA functions * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ defined(MBEDTLS_ECP_LIGHT) @@ -258,9 +263,7 @@ typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ /* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is - * used to store the ID of the opaque key. Differently from the raw public - * key management below, in this case there is no counterpart in the pk_ctx - * field to work in parallel with. + * used to store the ID of the opaque key. * This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by * MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext * for RSA keys. */ @@ -283,7 +286,7 @@ typedef struct mbedtls_pk_context { * all the operations. * * Note: This new public key storing solution only works for EC keys, not - * other ones. The latters is still use pk_ctx to store their own + * other ones. The latters still use pk_ctx to store their own * context. */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 376af2509a..e21ec2b307 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -792,7 +792,7 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, p = (unsigned char *) sig; /* extract_ecdsa_sig's last parameter is the size - * of each integer to be parse, so it's actually half + * of each integer to be parsed, so it's actually half * the size of the signature. */ if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf, signature_len/2)) != 0) { From 5e4a01bff55b3c79a60fe6e4f5876d68798f9ca0 Mon Sep 17 00:00:00 2001 From: "Aaron M. Ucko" Date: Tue, 17 Jan 2023 13:26:35 -0500 Subject: [PATCH 297/483] mbedtls/platform.h: Avoid potential macro redefinition warnings. Some identifiers (e.g. mbedtls_free) can name either functions or macros depending on configuration settings. For those that turn out to name macros, first clear out any existing macro definitions to accommodate possible unconditional bulk symbol renaming. (There remains no standard provision for such renaming, but it's nevertheless straightforward enough to do as desired, particularly with this change in place.) Signed-off-by: Aaron M. Ucko --- include/mbedtls/platform.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index f651587193..768c756b9b 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -139,6 +139,8 @@ extern "C" { #if defined(MBEDTLS_PLATFORM_MEMORY) #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \ defined(MBEDTLS_PLATFORM_CALLOC_MACRO) +#undef mbedtls_free +#undef mbedtls_calloc #define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO #define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO #else @@ -160,6 +162,8 @@ int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t), void (*free_func)(void *)); #endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */ #else /* !MBEDTLS_PLATFORM_MEMORY */ +#undef mbedtls_free +#undef mbedtls_calloc #define mbedtls_free free #define mbedtls_calloc calloc #endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */ @@ -184,6 +188,7 @@ extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...); int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *, ...)); #else +#undef mbedtls_fprintf #if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) #define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO #else @@ -208,6 +213,7 @@ extern int (*mbedtls_printf)(const char *format, ...); */ int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)); #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ +#undef mbedtls_printf #if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) #define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO #else @@ -243,6 +249,7 @@ extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...); int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n, const char *format, ...)); #else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ +#undef mbedtls_snprintf #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO #else @@ -279,6 +286,7 @@ extern int (*mbedtls_vsnprintf)(char *s, size_t n, const char *format, va_list a int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n, const char *format, va_list arg)); #else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ +#undef mbedtls_vsnprintf #if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) #define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO #else @@ -320,7 +328,9 @@ extern void (*mbedtls_setbuf)(FILE *stream, char *buf); */ int mbedtls_platform_set_setbuf(void (*setbuf_func)( FILE *stream, char *buf)); -#elif defined(MBEDTLS_PLATFORM_SETBUF_MACRO) +#else +#undef mbedtls_setbuf +#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO) /** * \brief Macro defining the function for the library to * call for `setbuf` functionality (changing the @@ -334,7 +344,8 @@ int mbedtls_platform_set_setbuf(void (*setbuf_func)( #define mbedtls_setbuf MBEDTLS_PLATFORM_SETBUF_MACRO #else #define mbedtls_setbuf setbuf -#endif /* MBEDTLS_PLATFORM_SETBUF_ALT / MBEDTLS_PLATFORM_SETBUF_MACRO */ +#endif /* MBEDTLS_PLATFORM_SETBUF_MACRO */ +#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */ /* * The function pointers for exit @@ -353,6 +364,7 @@ extern void (*mbedtls_exit)(int status); */ int mbedtls_platform_set_exit(void (*exit_func)(int status)); #else +#undef mbedtls_exit #if defined(MBEDTLS_PLATFORM_EXIT_MACRO) #define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO #else @@ -405,6 +417,8 @@ int mbedtls_platform_set_nv_seed( int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len) ); #else +#undef mbedtls_nv_seed_read +#undef mbedtls_nv_seed_write #if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) #define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO From 10b6daf755ad8dd4771baefb010a12def0d397df Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 02:28:06 +0000 Subject: [PATCH 298/483] Fix the comments of sum in ecp function Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 69cd4e5adc..f5cb3df77a 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1640,7 +1640,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0); TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_A_limbs), 0); - /* Firstly add A and B to get the summary S, then subtract B, + /* Firstly add A and B to get the sum S, then subtract B, * the difference should be equal to A*/ TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m)); TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m)); From 37db33265821f36d6fc70112e5e86420cbb72d27 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 22 May 2023 16:50:35 +0800 Subject: [PATCH 299/483] build_info.h: rewrite comment Signed-off-by: Yanray Wang --- include/mbedtls/build_info.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 1acf47759b..0917bf72a0 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -89,7 +89,7 @@ /* PSA crypto specific configuration options * - If config_psa.h reads a configuration option in preprocessor directive, - * this symbol should be consulted before its inclusion. (e.g. MBEDTLS_MD_C) + * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C) * - If config_psa.h writes a configuration option in conditional directive, * this symbol should be consulted after its inclusion. * (e.g. MBEDTLS_MD_LIGHT) From f33b4a5aede1aac48c18496354e1fefcfe58ed04 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 10:55:46 +0000 Subject: [PATCH 300/483] Update comments how to generate the randoms to make it reproducible Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 22493dbe41..bf8e9e9850 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1235,9 +1235,10 @@ ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(2,2), and they must be -# less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() can be used to check whether it -# satisfy the requirements. +# The following data was generated using python's standard random library, +# initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520. +# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() +# can be used to check whether they satisfy the requirements. ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_add_sub:"177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":"cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR @@ -1298,7 +1299,8 @@ ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_add_sub:"164c7f3860895bfa81384ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd":"1f58ed5d1b7b310b730049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(3,2) +# The following data was generated using python's standard random library, +# initialised with seed(3,2) and random.getrandbits(curve bits). Curve bits are 256,384,512. ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_add_sub:"795b929e9a9a80fdea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd":"781f9c58d6645fa9e8a8529f035efa259b08923d10c67fd994b2b8fda02f34a6":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1371,7 +1373,8 @@ ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_add_sub:"71bf2f08e9f7f9da70376bad2555e5ee6d966bcd5a91d4c949cc37677d2519b34ac7eb999581b2eb394c3b17ac666bfb292c157fdc0754a6b1d5f0224c3a235":"174907806c5d14842eea9771503c14af0b869300dd771fce2b72143f41483337ef0bfa78e656abc109691290dbcceb43acd62c6ab46977d09f355e742feb67af":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(4,2) +# The following data was generated using python's standard random library, +# initialised with seed(4,2) and random.getrandbits(curve bits). Curve bits are 128,254,192,256,448. ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_add_sub:"01710cf527ac435a7a97c643656412a9b8a1abcd1a6916c74da4f9fc3c6da5d7":"0fd72445ccea71ff4a14876aeaff1a098ca5996666ceab360512bd1311072231":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR From 850a0797cab8004105bae9b2ed02fc324311d784 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 22 May 2023 12:05:03 +0100 Subject: [PATCH 301/483] Remove extraneous check in for loop condition Issue 7529 uncovered an unrequired check in a for loop condition in ssl_tls.c. This commit removes said check. Signed-off-by: Thomas Daubney --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe666e88cc..7f35c74571 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1155,8 +1155,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) size_t length; const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list; - for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE) && - (length < MBEDTLS_ECP_DP_MAX); length++) { + for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) { } /* Leave room for zero termination */ From 00d55988d994396f220c3f59b0d7c85e096f45f8 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 May 2023 09:37:55 -0400 Subject: [PATCH 302/483] Fix wrong makefile target Missing tab and a prerequisite that's not a file Signed-off-by: Andrzej Kurek --- tests/data_files/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2bc17fb24b..3d2d5dccd5 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -41,8 +41,8 @@ test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf -$(test_ca_key_file_rsa):$(test_ca_pwd_rsa) - $(OPENSSL) genrsa -aes-128-cbc -passout pass:$< -out $@ 2048 +$(test_ca_key_file_rsa): + $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048 all_final += $(test_ca_key_file_rsa) test-ca.req.sha256: $(test_ca_key_file_rsa) From a7cb845705163ee3c2fa396da5737df5b3daac65 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 May 2023 18:39:43 +0200 Subject: [PATCH 303/483] pk: add checks for the returned ECC family Signed-off-by: Valerio Setti --- library/pk.c | 3 +++ library/pk_wrap.c | 4 ++++ tests/suites/test_suite_pk.function | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/library/pk.c b/library/pk.c index 826c29a8cb..9c4aa16a6b 100644 --- a/library/pk.c +++ b/library/pk.c @@ -224,6 +224,9 @@ int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id, &pk->ec_bits); + if (pk->ec_family == 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } return 0; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e21ec2b307..3a3d3998b0 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1150,6 +1150,10 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); + if (curve == 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d397374951..7227f92782 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -38,6 +38,10 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) size_t key_len; int ret; + if (curve == 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_bits(&key_attr, curve_bits); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); From 016264b6cb442d27c436fb1b061cae4b9365a844 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 22 May 2023 18:40:35 +0200 Subject: [PATCH 304/483] pk: fix a return value and a typo in comment Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 2 +- library/pkparse.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 3a5543a3c1..ffd1b73b23 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -282,7 +282,7 @@ typedef struct mbedtls_pk_context { * - the following fields are used for all public key operations: signature * verify, key pair check and key write. * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy - * ecp_keypair structure is used for storing the public key and perform + * ecp_keypair structure is used for storing the public key and performing * all the operations. * * Note: This new public key storing solution only works for EC keys, not diff --git a/library/pkparse.c b/library/pkparse.c index d47b099493..9bc88015af 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -722,7 +722,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, } else { /* Uncompressed format */ if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } memcpy(pk->pub_raw, *p, (end - *p)); pk->pub_raw_len = end - *p; From 51cef9ce38c36bac8a060bbfae025d1defae2651 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 May 2023 15:20:21 -0400 Subject: [PATCH 305/483] Add missing AES_C dependency in x509 tests Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 05a6c2c2cd..4eeeacdcc3 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -163,7 +163,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMI x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 From da609130f37fff9a778094271ce2d0f3ce086a0e Mon Sep 17 00:00:00 2001 From: YxC Date: Mon, 22 May 2023 12:08:12 -0700 Subject: [PATCH 306/483] fix: correct calling to time function in tls13 client&server Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined Signed-off-by: Yuxiang Cao --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_server.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e1d0c6ced0..e347853818 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1696,7 +1696,7 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, cipher_suite, ciphersuite_info->name)); #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time(NULL); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif /* MBEDTLS_HAVE_TIME */ /* ... diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 33121afa73..dc3c2f070d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1846,7 +1846,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SERVER_HELLO_RANDOM_LEN); #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time(NULL); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif /* MBEDTLS_HAVE_TIME */ return ret; From d0292c2acafc75be99c283a652450c82fa0f5033 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 10 May 2023 15:46:47 +0100 Subject: [PATCH 307/483] ecp_curves: Refactored `mbedtls_ecp_mod_p255`. This patch introduces following methods, as implemented in the design prototype, and updates them to utilise the _core methods available for multiplication and addition. * `mbedtls_ecp_mod_p255()` * `mbedtls_ecp_mod_p255_raw()` An entry has been exposed in the `ecp_invasive.h` header to facilitate testing. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 51 ++++++++++++++++++++++++++++++------------ library/ecp_invasive.h | 7 ++++++ 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6573f8954d..98e2f95196 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4604,6 +4604,8 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) static int ecp_mod_p255(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); @@ -5417,26 +5419,47 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) */ static int ecp_mod_p255(mbedtls_mpi *N) { - mbedtls_mpi_uint Mp[P255_WIDTH]; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((256 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); +cleanup: + return ret; +} - /* Helper references for top part of N */ - mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH; - const size_t NT_n = N->n - P255_WIDTH; - if (N->n <= P255_WIDTH) { +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) +{ + mbedtls_mpi_uint carry[P255_WIDTH]; + memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); + + if (X_Limbs > 2*P255_WIDTH) { + X_Limbs = 2*P255_WIDTH; + } else if (X_Limbs < P255_WIDTH) { return 0; } - if (NT_n > P255_WIDTH) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + + /* Step 1: Reduction to P255_WIDTH limbs */ + if (X_Limbs > P255_WIDTH) { + /* Helper references for top part of N */ + mbedtls_mpi_uint * const NT_p = X + P255_WIDTH; + const size_t NT_n = X_Limbs - P255_WIDTH; + + /* N = A0 + 38 * A1, capture carry out */ + carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38); + /* Clear top part */ + memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); } - /* Split N as N + 2^256 M */ - memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n); - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + /* Step 2: Reduce to

> (biL - 1)); + carry[0] *= 19; - /* N = A0 + 38 * A1 */ - mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1, - Mp, NT_n, - 38); + /* Clear top bit */ + X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1; + (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); return 0; } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index aadcdbc78e..bea002c35a 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -241,6 +241,13 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); + +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ + #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) MBEDTLS_STATIC_TESTABLE From 967b4779543e7cccc2e19e97b53b0e6c82aebebd Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 23 May 2023 06:07:32 +0000 Subject: [PATCH 308/483] Add test data "modulus-1" and "modulus-2" for every curve Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 81 ++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index bf8e9e9850..d08ce0f99a 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1239,6 +1239,12 @@ ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffff # initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520. # They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() # can be used to check whether they satisfy the requirements. + +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #1.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_add_sub:"ffffffffffffffffffffffff99def836146bc9b1b4d22830":"ffffffffffffffffffffffff99def836146bc9b1b4d2282f":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_add_sub:"177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":"cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR @@ -1251,6 +1257,11 @@ ecp_add_sub #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_add_sub:"dc38f519b91751dacdbd47d364be8049a372db8f6e405d93":"ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #4.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_add_sub:"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3c":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3b":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecp_mod_add_sub:"706a045defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2":"6c71c4a66148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR @@ -1263,6 +1274,11 @@ ecp_add_sub #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED ecp_mod_add_sub:"2e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0":"867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b3":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #7.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_add_sub:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_mod_add_sub:"5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561":"665d7435c1066932f4767f26294365b2721dea3bf63f23d0dbe53fcafb2147df":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR @@ -1275,6 +1291,11 @@ ecp_add_sub #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED ecp_mod_add_sub:"b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a74667bffe202849d":"f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #10.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_add_sub:"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52971":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecp_mod_add_sub:"7ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460":"9da59b74a6c3181c81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f8777":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR @@ -1287,6 +1308,11 @@ ecp_add_sub #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED ecp_mod_add_sub:"c11e60de1b343f52ea748db9e020307aaeb6db2c3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a8":"e5e138e26c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe440e2b4fda9c025a22f1a83185b98f5f":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #13.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_add_sub:"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386408":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386407":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_add_sub:"1ba0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b263fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332":"1cb0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR @@ -1299,6 +1325,11 @@ ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_add_sub:"164c7f3860895bfa81384ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd":"1f58ed5d1b7b310b730049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #16.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5376":"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5375":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + # The following data was generated using python's standard random library, # initialised with seed(3,2) and random.getrandbits(curve bits). Curve bits are 256,384,512. ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) @@ -1313,6 +1344,11 @@ ecp_add_sub #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_add_sub:"3e0a813bdc2ae9963d2e49085ef3430ed038db4de38378426d0b944a2863a7f":"af438d297524d6af51e8722c21b609228ce6f2410645d51c6f8da3eabe19f58":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #19.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_add_sub:"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a6":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a5":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_add_sub #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_add_sub:"984181177906159644f9794cdd933160d2d5844307f062cec7b317d94d1fe09f":"6d4b9adbebcd1f5ec9c18070b6d13089633a50eee0f9e038eb8f624fb804d820":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR @@ -1325,6 +1361,11 @@ ecp_add_sub #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_add_sub:"6bd0638b4d100d8fdaf0105ba06c05a1c76abf436fa84dcaac0ae4e2f729b4c8":"6856e45b95c76ab488bafad959d5450592f3277b62c82185d55ec1a581daad10":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #22.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec52":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec51":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_add_sub #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_add_sub:"4a5792b26aba54efa25994fc58aaac8176f7f138456bb11bd997c6f7cb3a88f684b5b4de4abcc4e46bd881fd21334eb0":"454608a5737b6ed79182c3c8e288b16437d02410a675a109bdf84ab55632a44614777e962b56363cf5efd434db045aae":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1337,6 +1378,11 @@ ecp_add_sub #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_add_sub:"7d500f7cbcefd0a747679714b4fab1019bde81635a427c37ead6b3cbade562bc5a58b185775c303c551b7f9da0996d52":"4c736db374d0df35a0c2995f40498cb35e819615f69b31ce0570ceeead0faadaf47076520f81f60c96e1689405adc011":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #25.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_add_sub:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046564":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046563":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_add_sub:"1aa4b64091b1078e926baeafe79a27e68ab12c32f6f22f41538e504edc52bdcab2d87d5e29c0e596b2109307abd8952c":"846008638daf051b79e4444ed6897d8fc5ab8f2f33dc30a8f1233c76f31b6928298956cfca65f8e9f66ad57e1464134":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR @@ -1349,6 +1395,11 @@ ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED ecp_mod_add_sub:"526ef7026988f4fe5a8181b691406be110d7c25ccf3d0b35815a3d516a91f397bc73a83fd63ed5ba385ac4bda9bf98c":"8a7db67fdc960f12f8d45cb940a230e6201a95cc5762e3571d140ed89cb6c63de9bfec51f06516210da1920569eb8cb4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #28.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f2":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f1":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + ecp_add_sub #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_add_sub:"46150f34caab02c83d4d071b2bda77121e84949cd11a8404e33c37f188ddf9181f49e090328475a738868e9b5a124b1d0fb5d240c846756acfc1d5507a299d74":"4ca44e40943e5a2248d4a701f3d13a7bb243f13dd61005357b5f2ea9ac6cc64e1d76f9d1d80caa4d068508d51f0c6f07da305f2cd76ee016576b7da1060344bf":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1361,6 +1412,11 @@ ecp_add_sub #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_add_sub:"125fdb0f50884d442833e1d550de93987d7015fc808aefcf83f18d61160c7c39b674c4f4dabd2a4c08736a21f985732a7b99a1261183c1860cc1e0331fe78154":"6b153e7ab1b20f01f34624556ba6cc6d50a078d8b3effcadc29237ff7f03ca9ea0a0304d5f56ed310d95a7016e7ceb10e2f416a79f781c980b1ed724cd18e1a9":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #31.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_add_sub:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90068":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90067":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_add_sub:"8da65a44ef3f7a401993edb1bfbc2a588df13f021b538e133d019261b7149706876cfe7c82e63e71904a896fc4758a8dff09f0150948f14b16baa014cc7ab32f":"731323ee13201b6215fa8a36d04d65c3974f6606cc57efacd9a68b4125321dc9703d20db1f69af34524ab0a892ca38f37f961cd3ebdc77a0496be3975f99ac4":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR @@ -1373,6 +1429,11 @@ ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_add_sub:"71bf2f08e9f7f9da70376bad2555e5ee6d966bcd5a91d4c949cc37677d2519b34ac7eb999581b2eb394c3b17ac666bfb292c157fdc0754a6b1d5f0224c3a235":"174907806c5d14842eea9771503c14af0b869300dd771fce2b72143f41483337ef0bfa78e656abc109691290dbcceb43acd62c6ab46977d09f355e742feb67af":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #34.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_add_sub:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ec":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3eb":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + # The following data was generated using python's standard random library, # initialised with seed(4,2) and random.getrandbits(curve bits). Curve bits are 128,254,192,256,448. ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) @@ -1387,6 +1448,11 @@ ecp_add_sub #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_add_sub:"0c79d67946d4ac7a5c3902b38963dc6e8534f45738d048ec0f1099c6c3e1b258":"0690526ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed3addccb2c33be0a":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #37.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_add_sub:"fffffffffffffffffffffffe26f2fc170f69466a74defd8c":"fffffffffffffffffffffffe26f2fc170f69466a74defd8b":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_add_sub:"f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0":"f1cfd99216df648647adec26793d0e453f5082492d83a823":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR @@ -1399,6 +1465,11 @@ ecp_add_sub #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_add_sub:"3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4":"b474c7e89286a1754abcb06ae8abb93f01d89a024cdce7a6":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #40.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_add_sub:"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f6":"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f5":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_add_sub:"069f85e3131f3b9238224b122c3e4a892d9196ada4fcfa583e1df8af9":"0a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac7671863c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR @@ -1415,6 +1486,11 @@ ecp_add_sub #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_add_sub:"100000000000000000000000000006f985b17b9662f0733c846bbe9e8":"10000000000000000000000000000a26a52175b7a96b98b5fbf37a2be":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #43.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_add_sub:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_add_sub:"5b69dc230af5ac870692b534758240df4a7a03052d733dcdef40af2e54c0ce68":"acdac615bc20f6264922b9ccf469aef8f6e7d078e55b85dd1525f363b281b888":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR @@ -1427,6 +1503,11 @@ ecp_add_sub #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_add_sub:"1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b4708d9893a973000":"ae17584a9ed9c621de97faf0f17ca82cdc82f2526911c9dda6e46653c676176a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR +# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested. +ecp_add_sub #46.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_add_sub:"00000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f2":"00000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f1":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + ecp_add_sub #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_add_sub:"0000000000000003f28adf9f6396ae3994b971761b2ceba40031ad622ed93874ac034cf71b34e47e4e2aafd310096249e2387a54b1cef3913e7d611d163b764":"0000000000000003f924aec4a53583bff4788955cdb7f4ccde9d231c8a38e7b5d7d255f2b68beef746ccfcd0b77d43a5d02db430267ce8c92b607d554d08ce6":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From 16a62e312994af29a1f50d1f83388dad4eebf403 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 11 Apr 2023 16:25:02 +0100 Subject: [PATCH 309/483] Bring over both necessary medium config files (regular and PSA style) from TFM. Signed-off-by: Aditya Deshpande --- configs/crypto_config_profile_medium.h | 115 ++++ .../tfm_mbedcrypto_config_profile_medium.h | 634 ++++++++++++++++++ 2 files changed, 749 insertions(+) create mode 100644 configs/crypto_config_profile_medium.h create mode 100644 configs/tfm_mbedcrypto_config_profile_medium.h diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h new file mode 100644 index 0000000000..939e2a33e3 --- /dev/null +++ b/configs/crypto_config_profile_medium.h @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2018-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +/** + * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, + * this file determines which cryptographic mechanisms are enabled + * through the PSA Cryptography API (\c psa_xxx() functions). + * + * To enable a cryptographic mechanism, uncomment the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * To disable a cryptographic mechanism, comment out the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * The names of cryptographic mechanisms correspond to values + * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead + * of \c PSA_. + * + * Note that many cryptographic mechanisms involve two symbols: one for + * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm + * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve + * additional symbols. + */ +#else +/** + * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, + * this file is not used, and cryptographic mechanisms are supported + * through the PSA API if and only if they are supported through the + * mbedtls_xxx API. + */ +#endif + +#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H +#define PROFILE_M_PSA_CRYPTO_CONFIG_H + +/* + * CBC-MAC is not yet supported via the PSA API in Mbed TLS. + */ +//#define PSA_WANT_ALG_CBC_MAC 1 +//#define PSA_WANT_ALG_CBC_NO_PADDING 1 +//#define PSA_WANT_ALG_CBC_PKCS7 1 +#define PSA_WANT_ALG_CCM 1 +//#define PSA_WANT_ALG_CMAC 1 +//#define PSA_WANT_ALG_CFB 1 +//#define PSA_WANT_ALG_CHACHA20_POLY1305 1 +//#define PSA_WANT_ALG_CTR 1 +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +//#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_ECDSA 1 +//#define PSA_WANT_ALG_GCM 1 +#define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HMAC 1 +//#define PSA_WANT_ALG_MD5 1 +//#define PSA_WANT_ALG_OFB 1 +/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +//#define PSA_WANT_ALG_PBKDF2_HMAC 1 +//#define PSA_WANT_ALG_RIPEMD160 1 +//#define PSA_WANT_ALG_RSA_OAEP 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +//#define PSA_WANT_ALG_RSA_PSS 1 +//#define PSA_WANT_ALG_SHA_1 1 +#define PSA_WANT_ALG_SHA_224 1 +#define PSA_WANT_ALG_SHA_256 1 +//#define PSA_WANT_ALG_SHA_384 1 +//#define PSA_WANT_ALG_SHA_512 1 +//#define PSA_WANT_ALG_STREAM_CIPHER 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +//#define PSA_WANT_ALG_XTS 1 + +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 +//#define PSA_WANT_ECC_MONTGOMERY_255 1 +//#define PSA_WANT_ECC_MONTGOMERY_448 1 +//#define PSA_WANT_ECC_SECP_K1_192 1 +/* + * SECP224K1 is buggy via the PSA API in Mbed TLS + * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by + * default. + */ +//#define PSA_WANT_ECC_SECP_K1_224 1 +//#define PSA_WANT_ECC_SECP_K1_256 1 +//#define PSA_WANT_ECC_SECP_R1_192 1 +//#define PSA_WANT_ECC_SECP_R1_224 1 +#define PSA_WANT_ECC_SECP_R1_256 1 +//#define PSA_WANT_ECC_SECP_R1_384 1 +//#define PSA_WANT_ECC_SECP_R1_521 1 + +#define PSA_WANT_KEY_TYPE_DERIVE 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#define PSA_WANT_KEY_TYPE_AES 1 +//#define PSA_WANT_KEY_TYPE_ARIA 1 +//#define PSA_WANT_KEY_TYPE_CAMELLIA 1 +//#define PSA_WANT_KEY_TYPE_CHACHA20 1 +//#define PSA_WANT_KEY_TYPE_DES 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + +#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h new file mode 100644 index 0000000000..5ecfeaa606 --- /dev/null +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -0,0 +1,634 @@ +/** + * \file config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PROFILE_M_MBEDTLS_CONFIG_H +#define PROFILE_M_MBEDTLS_CONFIG_H + +#include "config_tfm.h" + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +/** + * \name SECTION: System support + * + * This section sets system specific settings. + * \{ + */ + +/** + * \def MBEDTLS_HAVE_ASM + * + * The compiler has support for asm(). + * + * Requires support for asm() in compiler. + * + * Used in: + * library/aria.c + * library/timing.c + * include/mbedtls/bn_mul.h + * + * Required by: + * MBEDTLS_AESNI_C + * MBEDTLS_PADLOCK_C + * + * Comment to disable the use of assembly code. + */ +#define MBEDTLS_HAVE_ASM + +/** + * \def MBEDTLS_PLATFORM_MEMORY + * + * Enable the memory allocation layer. + * + * By default mbed TLS uses the system-provided calloc() and free(). + * This allows different allocators (self-implemented or provided) to be + * provided to the platform abstraction layer. + * + * Enabling MBEDTLS_PLATFORM_MEMORY without the + * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide + * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and + * free() function pointer at runtime. + * + * Enabling MBEDTLS_PLATFORM_MEMORY and specifying + * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Enable this layer to allow use of alternative memory allocators. + */ +#define MBEDTLS_PLATFORM_MEMORY + +/* \} name SECTION: System support */ + +/** + * \name SECTION: mbed TLS feature support + * + * This section sets support for features that are or are not needed + * within the modules that are enabled. + * \{ + */ + +/** + * \def MBEDTLS_MD2_PROCESS_ALT + * + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * alternate core implementation of symmetric crypto or hash function. Keep in + * mind that function prototypes should remain the same. + * + * This replaces only one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * no longer provide the mbedtls_sha1_process() function, but it will still provide + * the other function (using your mbedtls_sha1_process() function) and the definition + * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible + * with this definition. + * + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * must stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + * + * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * + */ +#define MBEDTLS_AES_SETKEY_DEC_ALT +#define MBEDTLS_AES_DECRYPT_ALT + +/** + * \def MBEDTLS_AES_ROM_TABLES + * + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. + * + */ +#define MBEDTLS_AES_ROM_TABLES + +/** + * \def MBEDTLS_AES_FEWER_TABLES + * + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by ~6kb but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + * + */ +#define MBEDTLS_AES_FEWER_TABLES + +/** + * \def MBEDTLS_ECP_NIST_OPTIM + * + * Enable specific 'modulo p' routines for each NIST prime. + * Depending on the prime and architecture, makes operations 4 to 8 times + * faster on the corresponding curve. + * + * Comment this macro to disable NIST curves optimisation. + */ +#define MBEDTLS_ECP_NIST_OPTIM + +/** + * \def MBEDTLS_ERROR_STRERROR_DUMMY + * + * Enable a dummy error function to make use of mbedtls_strerror() in + * third party libraries easier when MBEDTLS_ERROR_C is disabled + * (no effect when MBEDTLS_ERROR_C is enabled). + * + * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're + * not using mbedtls_strerror() or error_strerror() in your application. + * + * Disable if you run into name conflicts and want to really remove the + * mbedtls_strerror() + */ +#define MBEDTLS_ERROR_STRERROR_DUMMY + +/** + * \def MBEDTLS_NO_PLATFORM_ENTROPY + * + * Do not use built-in platform entropy functions. + * This is useful if your platform does not support + * standards like the /dev/urandom or Windows CryptoAPI. + * + * Uncomment this macro to disable the built-in platform entropy functions. + */ +#define MBEDTLS_NO_PLATFORM_ENTROPY + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. + */ +#define MBEDTLS_ENTROPY_NV_SEED + +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * + * Enable key identifiers that encode a key owner identifier. + * + * This is only meaningful when building the library as part of a + * multi-client service. When you activate this option, you must provide an + * implementation of the type mbedtls_key_owner_id_t and a translation from + * mbedtls_svc_key_id_t to file name in all the storage backends that you + * you wish to support. + * + * Note that this option is meant for internal use only and may be removed + * without notice. + */ +#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * \def MBEDTLS_SHA256_SMALLER + * + * Enable an implementation of SHA-256 that has lower ROM footprint but also + * lower performance. + * + * The default implementation is meant to be a reasonnable compromise between + * performance and size. This version optimizes more aggressively for size at + * the expense of performance. Eg on Cortex-M4 it reduces the size of + * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about + * 30%. + * + * Uncomment to enable the smaller implementation of SHA256. + */ +#define MBEDTLS_SHA256_SMALLER + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * When this option is disabled, the PSA API exposes the cryptographic + * mechanisms that can be implemented on top of the `mbedtls_xxx` API + * configured with `MBEDTLS_XXX` symbols. + * + * When this option is enabled, the PSA API exposes the cryptographic + * mechanisms requested by the `PSA_WANT_XXX` symbols defined in + * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are + * automatically enabled if required (i.e. if no PSA driver provides the + * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols + * in mbedtls_config.h. + * + * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies + * an alternative header to include instead of include/psa/crypto_config.h. + * + * This feature is still experimental and is not ready for production since + * it is not completed. + */ +#define MBEDTLS_PSA_CRYPTO_CONFIG + +/* \} name SECTION: mbed TLS feature support */ + +/** + * \name SECTION: mbed TLS modules + * + * This section enables or disables entire modules in mbed TLS + * \{ + */ + +/** + * \def MBEDTLS_AES_C + * + * Enable the AES block cipher. + * + * Module: library/aes.c + * Caller: library/cipher.c + * library/pem.c + * library/ctr_drbg.c + * + * This module is required to support the TLS ciphersuites that use the AES + * cipher. + * + * PEM_PARSE uses AES for decrypting encrypted keys. + */ +#define MBEDTLS_AES_C + +/** + * \def MBEDTLS_CIPHER_C + * + * Enable the generic cipher layer. + * + * Module: library/cipher.c + * + * Uncomment to enable generic cipher wrappers. + */ +#define MBEDTLS_CIPHER_C + +/** + * \def MBEDTLS_CTR_DRBG_C + * + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. + * + * Module: library/ctr_drbg.c + * Caller: + * + * Requires: MBEDTLS_AES_C + * + * This module provides the CTR_DRBG AES random number generator. + */ +#define MBEDTLS_CTR_DRBG_C + +/** + * \def MBEDTLS_ENTROPY_C + * + * Enable the platform-specific entropy code. + * + * Module: library/entropy.c + * Caller: + * + * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C + * + * This module provides a generic entropy pool + */ +#define MBEDTLS_ENTROPY_C + +/** + * \def MBEDTLS_ERROR_C + * + * Enable error code to error string conversion. + * + * Module: library/error.c + * Caller: + * + * This module enables mbedtls_strerror(). + */ +#define MBEDTLS_ERROR_C + +/** + * \def MBEDTLS_HKDF_C + * + * Enable the HKDF algorithm (RFC 5869). + * + * Module: library/hkdf.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ + +/** + * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Enable the buffer allocator implementation that makes use of a (stack) + * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() + * calls) + * + * Module: library/memory_buffer_alloc.c + * + * Requires: MBEDTLS_PLATFORM_C + * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * + * Enable this module to enable the buffer memory allocator. + */ +#define MBEDTLS_MEMORY_BUFFER_ALLOC_C + +/** + * \def MBEDTLS_PK_C + * + * Enable the generic public (asymetric) key layer. + * + * Module: library/pk.c + * + * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C + * + * Uncomment to enable generic public key wrappers. + */ +#define MBEDTLS_PK_C + +/** + * \def MBEDTLS_PK_PARSE_C + * + * Enable the generic public (asymetric) key parser. + * + * Module: library/pkparse.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key parse functions. + */ +#define MBEDTLS_PK_PARSE_C + +/** + * \def MBEDTLS_PK_WRITE_C + * + * Enable the generic public (asymetric) key writer. + * + * Module: library/pkwrite.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key write functions. + */ +#define MBEDTLS_PK_WRITE_C + +/** + * \def MBEDTLS_PLATFORM_C + * + * Enable the platform abstraction layer that allows you to re-assign + * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). + * + * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT + * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. + * + * \note This abstraction layer must be enabled on Windows (including MSYS2) + * as other module rely on it for a fixed snprintf implementation. + * + * Module: library/platform.c + * Caller: Most other .c files + * + * This module enables abstraction of common (libc) functions. + */ +#define MBEDTLS_PLATFORM_C + +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#define MBEDTLS_PLATFORM_STD_MEM_HDR + +#include + +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf +#define MBEDTLS_PLATFORM_PRINTF_ALT +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE + +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto.c + * + * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C + * + */ +#define MBEDTLS_PSA_CRYPTO_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface + */ +#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/* \} name SECTION: mbed TLS modules */ + +/** + * \name SECTION: General configuration options + * + * This section contains Mbed TLS build settings that are not associated + * with a particular module. + * + * \{ + */ + +/** + * \def MBEDTLS_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"mbedtls/mbedtls_config.h"`. + * This header file specifies the compile-time configuration of Mbed TLS. + * Unlike other configuration options, this one must be defined on the + * compiler command line: a definition in `mbedtls_config.h` would have + * no effect. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" + +/** + * \def MBEDTLS_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_config.h"`. + * This header file specifies which cryptographic mechanisms are available + * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and + * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" + +/** \} name SECTION: General configuration options */ + +/** + * \name SECTION: Module configuration options + * + * This section allows for the setting of module specific sizes and + * configuration options. The default values are already present in the + * relevant header files and should suffice for the regular use cases. + * + * Our advice is to enable options and change their values here + * only if you have a good reason and know the consequences. + * + * Please check the respective header file for documentation on these + * parameters (to prevent duplicate documentation). + * \{ + */ + +/* ECP options */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ + +/* \} name SECTION: Customisation configuration options */ + +#if CRYPTO_NV_SEED +#include "tfm_mbedcrypto_config_extra_nv_seed.h" +#endif /* CRYPTO_NV_SEED */ + +#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) +#include "mbedtls_entropy_nv_seed_config.h" +#endif + +#ifdef CRYPTO_HW_ACCELERATOR +#include "mbedtls_accelerator_config.h" +#endif + +#endif /* PROFILE_M_MBEDTLS_CONFIG_H */ From 2f1ae5a86ebd67faa50c3983b4567656c2234674 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 11 Apr 2023 16:43:08 +0100 Subject: [PATCH 310/483] Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style. Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds. Signed-off-by: Aditya Deshpande --- .../tfm_mbedcrypto_config_profile_medium.h | 25 ++++++++----------- include/psa/crypto_platform.h | 2 +- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 5ecfeaa606..b581f1f62a 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -29,8 +29,6 @@ #ifndef PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H -#include "config_tfm.h" - #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif @@ -239,7 +237,9 @@ * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -#define MBEDTLS_ENTROPY_NV_SEED +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +//#define MBEDTLS_ENTROPY_NV_SEED /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * @@ -251,8 +251,10 @@ * mbedtls_svc_key_id_t to file name in all the storage backends that you * you wish to support. * - * Note that this option is meant for internal use only and may be removed - * without notice. + * Note that while this define has been removed from TF-M's copy of this config + * file, TF-M still passes this option to Mbed TLS during the build via CMake. + * Therefore we keep it in our copy. See discussion on PR #7426 for more info. + * */ #define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER @@ -480,15 +482,6 @@ */ #define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_STD_MEM_HDR - -#include - -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -#define MBEDTLS_PLATFORM_PRINTF_ALT -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /** * \def MBEDTLS_PSA_CRYPTO_C @@ -513,7 +506,9 @@ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -#define MBEDTLS_PSA_CRYPTO_STORAGE_C +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +//#define MBEDTLS_PSA_CRYPTO_STORAGE_C /* \} name SECTION: mbed TLS modules */ diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index ee41c897f6..35a42f825a 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -83,7 +83,7 @@ static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1, */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) #define PSA_CRYPTO_SECURE 1 -#include "crypto_spe.h" +#include "../tests/include/spe/crypto_spe.h" #endif // MBEDTLS_PSA_CRYPTO_SPM #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) From c2c967b1f03dc5f592e886aecca0b407d53fc7ed Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 11 May 2023 09:59:05 +0100 Subject: [PATCH 311/483] ecp.py: Added tests for `mbedtls_ecp_mod_p255_raw` This patch introduces the `EcpP255Raw` test class for testing the curve using the preestablished `ecp_mod_p_generic_raw()` test. The test's logic has been updated accordingly. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 82 ++++++++++++++++++++++++++++ tests/suites/test_suite_ecp.function | 7 +++ 2 files changed, 89 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index c9fb5e55e8..9d882819c8 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -711,6 +711,88 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, return ["MBEDTLS_ECP_DP_SECP256K1"] + args +class EcpP255Raw(bignum_common.ModOperationCommon, + EcpTarget): + """Test cases for ECP 25519 fast reduction.""" + symbol = "-" + test_function = "ecp_mod_p_generic_raw" + test_name = "mbedtls_ecp_mod_p255_raw" + input_style = "fixed" + arity = 1 + dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"] + + moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed")] # type: List[str] + + input_values = [ + "0", "1", + + # Modulus - 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffec"), + + # Modulus + 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffee"), + + # 2^255 - 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffff"), + + # Maximum canonical P255 multiplication result + ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffec000000000000000000000000000000000000000000000000" + "0000000000000190"), + + # First 8 number generated by random.getrandbits(510) - seed(2,2) + ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5" + "e341245c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4" + "bb99f4bea973"), + ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e" + "405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653" + "f8dd9b1f282e"), + ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09" + "325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f" + "57ebf30b94fa"), + ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c" + "7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71" + "c4a66148a86f"), + ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4" + "c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14" + "bc4a829e07b0"), + ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf6" + "3f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3f" + "d983c34c769f"), + ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80" + "371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a8" + "3ee0761ebfd2"), + ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9" + "492f258ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e736" + "95c3e652c71a"), + + # Next 2 number generated by random.getrandbits(255) + ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3" + "172062"), + ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9" + "500ec9"), + ] + + @property + def arg_a(self) -> str: + return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) + + def result(self) -> List[str]: + result = self.int_a % self.int_n + return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True + + def arguments(self): + args = super().arguments() + return ["MBEDTLS_ECP_DP_CURVE25519"] + args + + class EcpP448Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ECP P448 fast reduction.""" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 250efcc673..cc8a3271e9 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1348,6 +1348,13 @@ void ecp_mod_p_generic_raw(int curve_id, curve_bits = 256; curve_func = &mbedtls_ecp_mod_p256k1_raw; break; +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + limbs = 2 * limbs_N; + curve_bits = 255; + curve_func = &mbedtls_ecp_mod_p255_raw; + break; #endif default: mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); From aada68f1bef17976d5f7ce11980bdfe7ca14f221 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 May 2023 17:10:16 +0100 Subject: [PATCH 312/483] ecp.py: Fixed types for `arguments()` overrides. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 9d882819c8..7626eda409 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -97,7 +97,7 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP192R1"] + args @@ -174,7 +174,7 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP224R1"] + args @@ -258,7 +258,7 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP256R1"] + args @@ -380,7 +380,7 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP384R1"] + args @@ -485,7 +485,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP521R1"] + args @@ -721,18 +721,19 @@ class EcpP255Raw(bignum_common.ModOperationCommon, arity = 1 dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"] - moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed")] # type: List[str] + moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffed")] # type: List[str] input_values = [ "0", "1", # Modulus - 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec"), + "ffffffec"), # Modulus + 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffee"), + "ffffffee"), # 2^255 - 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" @@ -788,7 +789,7 @@ class EcpP255Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_CURVE25519"] + args From 2daa374ea868a48e0dbd8de6f03d54f62ae90bd2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 17 May 2023 15:01:08 +0100 Subject: [PATCH 313/483] ecp_curves: Minor refactoring of `mbedtls_ecp_mod_p255_raw()` * Fixed whitespace issues. * Renamed variables to align with bignum conventions. * Updated alignment on test input data. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 24 ++++++--------- scripts/mbedtls_dev/ecp.py | 60 +++++++++++++++----------------------- 2 files changed, 32 insertions(+), 52 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 98e2f95196..fe62fec4d6 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5420,7 +5420,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((256 + biL - 1) / biL); + size_t expected_width = 2 * ((255 + biL - 1) / biL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: @@ -5433,32 +5433,26 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) mbedtls_mpi_uint carry[P255_WIDTH]; memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); - if (X_Limbs > 2*P255_WIDTH) { - X_Limbs = 2*P255_WIDTH; - } else if (X_Limbs < P255_WIDTH) { - return 0; - } - /* Step 1: Reduction to P255_WIDTH limbs */ if (X_Limbs > P255_WIDTH) { - /* Helper references for top part of N */ - mbedtls_mpi_uint * const NT_p = X + P255_WIDTH; - const size_t NT_n = X_Limbs - P255_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint * const A1 = X + P255_WIDTH; + const size_t A1_limbs = X_Limbs - P255_WIDTH; - /* N = A0 + 38 * A1, capture carry out */ - carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38); + /* X = A0 + 38 * A1, capture carry out */ + carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); /* Clear top part */ - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } /* Step 2: Reduce to

> (biL - 1)); + carry[0] += (X[P255_WIDTH - 1] >> (biL - 1)); carry[0] *= 19; /* Clear top bit */ - X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1; + X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); return 0; diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 7626eda409..02db438a72 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -728,53 +728,39 @@ class EcpP255Raw(bignum_common.ModOperationCommon, "0", "1", # Modulus - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"), # Modulus + 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffee"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"), # 2^255 - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffff"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), # Maximum canonical P255 multiplication result - ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec000000000000000000000000000000000000000000000000" - "0000000000000190"), + ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec" + "0000000000000000000000000000000000000000000000000000000000000190"), # First 8 number generated by random.getrandbits(510) - seed(2,2) - ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5" - "e341245c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4" - "bb99f4bea973"), - ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e" - "405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653" - "f8dd9b1f282e"), - ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09" - "325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f" - "57ebf30b94fa"), - ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c" - "7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71" - "c4a66148a86f"), - ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4" - "c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14" - "bc4a829e07b0"), - ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf6" - "3f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3f" - "d983c34c769f"), - ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80" - "371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a8" - "3ee0761ebfd2"), - ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9" - "492f258ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e736" - "95c3e652c71a"), + ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" + "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), + ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" + "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), + ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" + "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), + ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" + "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), + ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" + "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), + ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" + "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), + ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" + "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), + ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" + "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), # Next 2 number generated by random.getrandbits(255) - ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3" - "172062"), - ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9" - "500ec9"), + ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"), + ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"), ] @property From 65c386ee3dd6423622f5152cc6e5400b23dbb62b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 17 May 2023 18:18:13 +0100 Subject: [PATCH 314/483] ecp_curves: Switched to dynamic memory for Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index fe62fec4d6..16800aadc8 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -5430,8 +5431,10 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - mbedtls_mpi_uint carry[P255_WIDTH]; - memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); + mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); + if (carry == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } /* Step 1: Reduction to P255_WIDTH limbs */ if (X_Limbs > P255_WIDTH) { @@ -5440,21 +5443,22 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) const size_t A1_limbs = X_Limbs - P255_WIDTH; /* X = A0 + 38 * A1, capture carry out */ - carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); + *carry = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); /* Clear top part */ memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } /* Step 2: Reduce to

> (biL - 1)); - carry[0] *= 19; + *carry <<= 1; + *carry += (X[P255_WIDTH - 1] >> (biL - 1)); + *carry *= 19; /* Clear top bit */ X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; - (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); + (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); + mbedtls_free(carry); return 0; } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ From 31f0b452c7b76531ff1d6cf1851ae159f76d1b3c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 18 May 2023 11:08:50 +0100 Subject: [PATCH 315/483] ecp_curves: Reintroduced input checking for Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 16800aadc8..1808152920 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5431,6 +5431,13 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { + + if (X_Limbs > 2*P255_WIDTH) { + X_Limbs = 2*P255_WIDTH; + } else if (X_Limbs < P255_WIDTH) { + return 0; + } + mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); if (carry == NULL) { return MBEDTLS_ERR_ECP_ALLOC_FAILED; From 47249fd9ec96167b9caf91769fc55463f77ce6f6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 18 May 2023 16:16:17 +0100 Subject: [PATCH 316/483] ecp_curves: Added documentation for mbedtls_ecp_mod_p255_raw Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 2 +- library/ecp_invasive.h | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 1808152920..2ad14e1086 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5435,7 +5435,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) if (X_Limbs > 2*P255_WIDTH) { X_Limbs = 2*P255_WIDTH; } else if (X_Limbs < P255_WIDTH) { - return 0; + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index bea002c35a..e73bdb1ef9 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -243,6 +243,22 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +/** Fast quasi-reduction modulo p255 = 2^255 - 19 + * + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 510-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (255 bits). + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have + * twice as many limbs as the modulus. + * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. + */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); From d6beda7af973f2d8fa6b0ec6eb903f3ad3176df5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 22 May 2023 11:23:56 +0100 Subject: [PATCH 317/483] ecp_curves: Extended documentation for CURVE25519. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 9 ++++++++- library/ecp_invasive.h | 2 -- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2ad14e1086..c9868f39d2 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5455,7 +5455,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } - /* Step 2: Reduce to

> (biL - 1)); @@ -5463,6 +5463,13 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) /* Clear top bit */ X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; + /* Since the top bit for X has been cleared 0 + 0 + Carry + * will not overflow. + * + * Furthermore for 2p = 2^256-38. When a carry propagation on the highest + * limb occurs, X > 2^255 and all the remaining bits on the limb are zero. + * - If X < 2^255 ==> X < 2p + * - If X > 2^255 ==> X < 2^256 - 2^255 < 2p */ (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); mbedtls_free(carry); diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index e73bdb1ef9..746eea16eb 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -250,8 +250,6 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); * (double the bitlength of the modulus). * Upon return holds the reduced value which is * in range `0 <= X < 2 * N` (where N is the modulus). - * The bitlength of the reduced value is the same as - * that of the modulus (255 bits). * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. From 8a6225062a9887ffd3b7738df6ba2ec63b6edd53 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:46:38 +0200 Subject: [PATCH 318/483] pk: move PSA error translation macros to internal header Signed-off-by: Valerio Setti --- library/pk.c | 7 ------- library/pk_internal.h | 11 +++++++++++ library/pk_wrap.c | 7 ------- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/library/pk.c b/library/pk.c index 9c4aa16a6b..5ed485bafb 100644 --- a/library/pk.c +++ b/library/pk.c @@ -42,13 +42,6 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" -#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) -#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_rsa_errors, \ - psa_pk_status_to_mbedtls) -#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_ecdsa_errors, \ - psa_pk_status_to_mbedtls) #endif #include diff --git a/library/pk_internal.h b/library/pk_internal.h index dbb7bc1659..e47a0a95d3 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -33,6 +33,17 @@ #include "psa/crypto.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) +#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_rsa_errors, \ + psa_pk_status_to_mbedtls) +#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_ecdsa_errors, \ + psa_pk_status_to_mbedtls) +#endif + #if defined(MBEDTLS_ECP_LIGHT) /** * Public function mbedtls_pk_ec() can be used to get direct access to the diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3a3d3998b0..45ded6e2bc 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -43,13 +43,6 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" -#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) -#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_rsa_errors, \ - psa_pk_status_to_mbedtls) -#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_ecdsa_errors, \ - psa_pk_status_to_mbedtls) #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) From e0e6311b64223e55214897ea1057b1bd42b57070 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:48:07 +0200 Subject: [PATCH 319/483] pk: change location of Montgomery helpers This is to have them available only where they are really required. Signed-off-by: Valerio Setti --- library/pk_internal.h | 28 ++++++++++++---------------- library/pkparse.c | 6 ++++++ library/pkwrite.c | 20 ++++++++++++++++++++ 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index e47a0a95d3..8d4b005710 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -81,24 +81,20 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) } } -/* Helpers for Montgomery curves */ +static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + id = mbedtls_pk_ec_ro(*pk)->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + return id; +} + +/* Helper for Montgomery curves */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PK_HAVE_RFC8410_CURVES - -static inline int mbedtls_pk_is_rfc8410_curve(mbedtls_ecp_group_id id) -{ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE25519) { - return 1; - } -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE448) { - return 1; - } -#endif - return 0; -} #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/library/pkparse.c b/library/pkparse.c index 9bc88015af..c2ececb44c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -63,6 +63,12 @@ #include "mbedtls/platform.h" +/* Helper for Montgomery curves */ +#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ + ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) +#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. diff --git a/library/pkwrite.c b/library/pkwrite.c index 3577fa1a0f..e89baaf256 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -57,6 +57,26 @@ #endif #include "mbedtls/platform.h" +/* Helper for Montgomery curves */ +#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE25519) { + return 1; + } +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE448) { + return 1; + } +#endif + return 0; +} +#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { From b536126183e1ae58f3b44990b4ef98e964e26aac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:51:58 +0200 Subject: [PATCH 320/483] pk: manage allocate and free space when working with PSA private key Allocation does not need to perform any action since the priv_id field is already present on the pk_context. Free should destroy the key. Of course this is true only if the key is not opaque (because in that case it's the user responsibility to do so). Signed-off-by: Valerio Setti --- library/pk.c | 10 +++++++++- library/pk_wrap.c | 21 +++++++++++++++++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/library/pk.c b/library/pk.c index 5ed485bafb..77012e1578 100644 --- a/library/pk.c +++ b/library/pk.c @@ -78,6 +78,14 @@ void mbedtls_pk_free(mbedtls_pk_context *ctx) ctx->pk_info->ctx_free_func(ctx->pk_ctx); } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + /* The ownership of the priv_id key for opaque keys is external of the PK + * module. It's the user responsibility to clear it after use. */ + if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) { + psa_destroy_key(ctx->priv_id); + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); } @@ -143,7 +151,7 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - if ((info->ctx_alloc_func == NULL) || + if ((info->ctx_alloc_func != NULL) && ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 45ded6e2bc..7f5e751a9b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1214,6 +1214,7 @@ static int eckey_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv, #endif } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) static void *eckey_alloc_wrap(void) { void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); @@ -1230,6 +1231,7 @@ static void eckey_free_wrap(void *ctx) mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); mbedtls_free(ctx); } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items) { @@ -1267,8 +1269,13 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { NULL, NULL, eckey_check_pair, +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ eckey_alloc_wrap, eckey_free_wrap, +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) eckey_rs_alloc, eckey_rs_free, @@ -1299,8 +1306,13 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { NULL, NULL, eckey_check_pair, - eckey_alloc_wrap, /* Same underlying key structure */ - eckey_free_wrap, /* Same underlying key structure */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + eckey_alloc_wrap, /* Same underlying key structure */ + eckey_free_wrap, /* Same underlying key structure */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, @@ -1389,8 +1401,13 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { NULL, NULL, eckey_check_pair, /* Compatible key structures */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ eckey_alloc_wrap, /* Compatible key structures */ eckey_free_wrap, /* Compatible key structures */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) ecdsa_rs_alloc, ecdsa_rs_free, From 00e8dd15d2cc7960fc58b049b850b0f03329fa0d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:56:59 +0200 Subject: [PATCH 321/483] pk: manage parse and write for the new format Signed-off-by: Valerio Setti --- library/pkparse.c | 124 ++++++++++++++++++++++++++++++++++++---------- library/pkwrite.c | 53 +++++++++++++++----- 2 files changed, 138 insertions(+), 39 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index c2ececb44c..18b40ceb84 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -514,6 +514,9 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p #endif } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#else /* grp may already be initialized; if so, make sure IDs match */ if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { @@ -524,8 +527,6 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p grp_id)) != 0) { return ret; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; @@ -539,20 +540,26 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; - mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status, destruction_status; + psa_status_t status; + (void) f_rng; + (void) p_rng; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + (void) d; + (void) d_len; + + status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), + &pk->pub_raw_len); + ret = psa_pk_status_to_mbedtls(status); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; + unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t key_len; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - - (void) f_rng; - (void) p_rng; + psa_status_t destruction_status; psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); @@ -563,12 +570,7 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, return ret; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), - &pk->pub_raw_len); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = psa_pk_status_to_mbedtls(status); destruction_status = psa_destroy_key(key_id); if (ret != 0) { @@ -576,10 +578,10 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, } else if (destruction_status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(destruction_status); } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; (void) d; (void) d_len; @@ -597,21 +599,21 @@ static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params, mbedtls_ecp_group_id grp_id, mbedtls_pk_context *pk) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); int ret; if (params->tag != 0 || params->len != 0) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#else + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id); if (ret != 0) { return ret; } - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif return ret; } @@ -624,7 +626,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, unsigned char *key, size_t keylen, const unsigned char *end, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -636,23 +637,54 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + /* Setting largest masks for usage and key algorithms */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + + status = psa_import_key(&attributes, key, len, &pk->priv_id); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); + if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, * which never contain a public key. As such, derive the public key * unconditionally. */ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_keypair_free(eck); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; } + /* When MBEDTLS_PK_USE_PSA_EC_DATA the key is checked while importing it + * into PSA. */ +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } @@ -926,7 +958,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_ECP_LIGHT) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { + if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); } else #endif @@ -1158,6 +1190,12 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *end = p + keylen; unsigned char *end2; mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + uint8_t priv_key_raw[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + size_t priv_key_len; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * RFC 5915, or SEC1 Appendix C.4 @@ -1190,10 +1228,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, d = p; d_len = len; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (len > MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + memcpy(priv_key_raw, p, len); + priv_key_len = len; +#else if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } +#endif p += len; @@ -1252,6 +1299,27 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + /* Setting largest masks for usage and key algorithms */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + + status = psa_import_key(&attributes, priv_key_raw, priv_key_len, + &pk->priv_id); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { mbedtls_ecp_keypair_free(eck); @@ -1259,10 +1327,12 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } @@ -1363,7 +1433,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_ECP_LIGHT) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { + if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { if ((ret = pk_use_ecparams_rfc8410(¶ms, ec_grp_id, pk)) != 0 || (ret = diff --git a/library/pkwrite.c b/library/pkwrite.c index e89baaf256..c8a96d9eaa 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -185,20 +185,33 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ static int pk_write_ec_private(unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec) + const mbedtls_pk_context *pk) { + size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t byte_length = (ec->grp.pbits + 7) / 8; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + psa_status_t status; + + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + goto exit; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + byte_length = (ec->grp.pbits + 7) / 8; ret = mbedtls_ecp_write_key(ec, tmp, byte_length); if (ret != 0) { goto exit; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); - exit: - mbedtls_platform_zeroize(tmp, byte_length); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); return ret; } #endif /* MBEDTLS_ECP_LIGHT */ @@ -280,7 +293,11 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { +#if defined(MBEDTLS_ECP_C) ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id; +#else /* MBEDTLS_ECP_C */ + ec_grp_id = mbedtls_ecc_group_of_psa(key->ec_family, key->ec_bits, 0); +#endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -372,7 +389,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu * CurvePrivateKey ::= OCTET STRING */ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, - mbedtls_ecp_keypair *ec) + const mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; @@ -380,14 +397,23 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, const char *oid; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, ec)); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); /* privateKeyAlgorithm */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, + pk->ec_bits, 0); + if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { + return ret; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec->grp.id, &oid, &oid_len)) != 0) { return ret; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); @@ -408,6 +434,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; +#if defined(MBEDTLS_ECP_LIGHT) + mbedtls_ecp_group_id grp_id; +#endif if (size == 0) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -503,12 +532,11 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*key); size_t pub_len = 0, par_len = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec->grp.id)) { - return pk_write_ec_rfc8410_der(&c, buf, ec); + if (mbedtls_pk_is_rfc8410(key)) { + return pk_write_ec_rfc8410_der(&c, buf, key); } #endif @@ -542,7 +570,8 @@ end_of_export: len += pub_len; /* parameters */ - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec->grp.id)); + grp_id = mbedtls_pk_get_group_id(key); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, grp_id)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, @@ -551,7 +580,7 @@ end_of_export: len += par_len; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec)); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, key)); /* version */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); @@ -625,7 +654,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec_ro(*key)->grp.id)) { + if (mbedtls_pk_is_rfc8410(key)) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else From ae8c628edb60be2a546a864f5e918b391ae85920 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:57:57 +0200 Subject: [PATCH 322/483] pk: improve sign, check_pair and wrap_as_opaque functions with new format Signed-off-by: Valerio Setti --- library/pk.c | 16 +++++++++++++--- library/pk_wrap.c | 32 +++++++++++++++++++++----------- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/library/pk.c b/library/pk.c index 77012e1578..cccadb1f92 100644 --- a/library/pk.c +++ b/library/pk.c @@ -912,24 +912,34 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, #else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ec; unsigned char d[MBEDTLS_ECP_MAX_BYTES]; size_t d_len; psa_ecc_family_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; size_t bits; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status; /* export the private key material in the format PSA wants */ - ec = mbedtls_pk_ec_rw(*pk); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len); + if (status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(status); + } + + curve_id = pk->ec_family; + bits = pk->ec_bits; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + d_len = PSA_BITS_TO_BYTES(ec->grp.nbits); if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) { return ret; } curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id); /* prepare the key attributes */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7f5e751a9b..f3a44aedfb 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -925,12 +925,9 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_ecp_keypair *ctx = pk->pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); @@ -938,10 +935,17 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); #endif +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_ecc_family_t curve = pk->ec_family; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ctx = pk->pk_ctx; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); size_t key_len = PSA_BITS_TO_BYTES(curve_bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* PSA has its own RNG */ ((void) f_rng); @@ -951,6 +955,12 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(pk->priv_id) == PSA_KEY_ID_NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + key_id = pk->priv_id; +#else if (key_len > sizeof(buf)) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } @@ -970,6 +980,7 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len, sig, sig_size, sig_len); @@ -981,8 +992,11 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size); cleanup: + +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_platform_zeroize(buf, sizeof(buf)); status = psa_destroy_key(key_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); } @@ -1123,24 +1137,19 @@ cleanup: static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv) { psa_status_t status, destruction_status; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this - * buffer because it will be used to hold the private key at first and - * then its public part (but not at the same time). */ uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t prv_key_len; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - const psa_ecc_family_t curve = prv->ec_family; - const size_t curve_bits = prv->ec_bits; + mbedtls_svc_key_id_t key_id = prv->priv_id; #else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t pub_key_len; size_t curve_bits; const psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); if (curve == 0) { @@ -1163,6 +1172,7 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv } mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), &prv_key_len); From 972077820b392af04ce86a4e4a1a5692224db0d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:59:06 +0200 Subject: [PATCH 323/483] tls/x509: minor enhancement for using the new private key format Signed-off-by: Valerio Setti --- library/ssl_tls.c | 9 +++++++-- library/ssl_tls12_client.c | 20 +++++++++++--------- library/ssl_tls12_server.c | 19 +++++++++++++++++-- library/x509_crt.c | 2 +- 4 files changed, 36 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe666e88cc..2babb04a4a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7388,13 +7388,18 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); if (ec == NULL) { MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - - if (mbedtls_ssl_check_curve(ssl, ec->grp.id) != 0) { + grp_id = ec->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 070583b138..691fa62dbd 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1986,7 +1986,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ecp_keypair *peer_key; mbedtls_pk_context *peer_pk; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -2007,21 +2006,24 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - peer_key = mbedtls_pk_ec_ro(*peer_pk); +#if defined(MBEDTLS_ECP_C) + const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; psa_ecc_family_t ecc_family; + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); - if (mbedtls_ssl_check_curve(ssl, peer_key->grp.id) != 0) { + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(peer_key->grp.id); + tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported", - peer_key->grp.id)); + grp_id)); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } @@ -2037,7 +2039,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len; ret = 0; -#else +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ size_t olen = 0; ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, @@ -2049,8 +2051,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return ret; } ssl->handshake->ecdh_psa_peerkey_len = olen; -#endif /* MBEDTLS_ECP_C */ -#else +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, MBEDTLS_ECDH_THEIRS)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); @@ -2061,7 +2063,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index aa3e306a4a..a442b3714b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2600,7 +2600,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_ecc_family_t ecc_family; size_t key_len; mbedtls_pk_context *pk; + mbedtls_ecp_group_id grp_id; +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_keypair *key; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2636,12 +2639,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ key = mbedtls_pk_ec_rw(*pk); if (key == NULL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(key->grp.id); + grp_id = key->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { /* This elliptic curve is not supported */ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; @@ -2661,11 +2668,19 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); if (ret != 0) { goto cleanup; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_import_key(&key_attributes, buf, key_len, &ssl->handshake->ecdh_psa_privkey); diff --git a/library/x509_crt.c b/library/x509_crt.c index cba30aaf27..b658f7caa6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -238,7 +238,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_ec_ro(*pk)->grp.id; + const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk); if (gid == MBEDTLS_ECP_DP_NONE) { return -1; From 7237d5ff5b269f9859d1b97b317a4d2b535b8f9a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 19:00:22 +0200 Subject: [PATCH 324/483] test: minor enhancement for using the new private key format Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 47 +++++++++--------------- tests/suites/test_suite_pkparse.function | 7 +++- 2 files changed, 22 insertions(+), 32 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 7227f92782..a5b50dec45 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -29,13 +29,9 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { psa_status_t status; - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; int ret; if (curve == 0) { @@ -44,25 +40,21 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_bits(&key_attr, curve_bits); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&key_attr, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif - status = psa_generate_key(&key_attr, &key_id); + status = psa_generate_key(&key_attr, &pk->priv_id); if (status != PSA_SUCCESS) { return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } - status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - goto exit; - } - - ret = mbedtls_mpi_read_binary(&eck->d, key_buf, key_len); - if (ret != 0) { - goto exit; - } - - status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), + status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), &pk->pub_raw_len); if (status != PSA_SUCCESS) { ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; @@ -72,15 +64,10 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) pk->ec_family = curve; pk->ec_bits = curve_bits; - status = psa_destroy_key(key_id); - if (status != PSA_SUCCESS) { - return psa_pk_status_to_mbedtls(status); - } - return 0; exit: - status = psa_destroy_key(key_id); + status = psa_destroy_key(pk->priv_id); return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -114,10 +101,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; +#if defined(MBEDTLS_ECP_C) ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter); if (ret != 0) { return ret; } + return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, + &mbedtls_pk_ec_rw(*pk)->d, + &mbedtls_pk_ec_rw(*pk)->Q, + mbedtls_test_rnd_std_rand, NULL); +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_group grp; @@ -136,12 +129,6 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) return 0; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_ECP_C) - return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, - &mbedtls_pk_ec_rw(*pk)->d, - &mbedtls_pk_ec_rw(*pk)->Q, - mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index a49b6d3195..6fa78c1498 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -117,10 +117,13 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) TEST_ASSERT(res == result); if (res == 0) { - const mbedtls_ecp_keypair *eckey; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); - eckey = mbedtls_pk_ec_ro(ctx); +#if defined(MBEDTLS_ECP_C) + const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0); +#else + /* PSA keys are already checked on import so nothing to do here. */ +#endif } exit: From ed25edb1a2fbdd7b38c306bb1e25ca199983f692 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 19:04:36 +0200 Subject: [PATCH 325/483] test_suite_pkparse: fix failure When the key is imported into an ecp_keypair structure it is read by means of mbedtls_mpi_read_binary_le() and then checked with mbedtls_ecp_check_privkey() which returns error (as expected). When the key is imported in PSA then it is read using mbedtls_ecp_read_key() which fixes the errors in the test before importing. This cause the test itself to fail. As a consequence I set the dependency to ECP_C because it's the only case in which the key is imported in an ecp_keypair structure. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 02a6ae7507..978439ac33 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1197,7 +1197,7 @@ depends_on:MBEDTLS_ECP_LIGHT pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_ECP_C pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) From 9efa8c4d14206ec19072f5113fc624ee4a501655 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 13:27:30 +0200 Subject: [PATCH 326/483] pk: fix eckey_check_pair_psa The problem was that the private key ID was destroyed even when MBEDTLS_PK_USE_PSA_EC_DATA was enabled and of course this was not correct. At the same time the code has been slighlty reorganized to make it more readable. Signed-off-by: Valerio Setti --- library/pk_wrap.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f3a44aedfb..92937c8f3b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1136,13 +1136,25 @@ cleanup: */ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv) { - psa_status_t status, destruction_status; + psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t prv_key_len; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_svc_key_id_t key_id = prv->priv_id; + + status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), + &prv_key_len); + ret = PSA_PK_TO_MBEDTLS_ERR(status); + if (ret != 0) { + return ret; + } + + if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + psa_status_t destruction_status; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; @@ -1172,7 +1184,6 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv } mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), &prv_key_len); @@ -1184,11 +1195,6 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv return PSA_PK_TO_MBEDTLS_ERR(destruction_status); } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } -#else ret = mbedtls_ecp_point_write_binary(&mbedtls_pk_ec_rw(*pub)->grp, &mbedtls_pk_ec_rw(*pub)->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, From e50a75f6ff10904a45c7fc7078a5eb34fed659a3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 17:43:06 +0200 Subject: [PATCH 327/483] test: add exception in analyze_outcomes.py and fix test for montgomery curves The exception in analyze_outcomes.py follows previous commit in which a test in test_suite_pkparse was set with the ECP_C guard for a different parsing of the private key between the legacy and PSA implementations. The wrong guard in test_suite_ecp.function instead was erroneously added in a past commit and it was setting a non-existing symbol of mbedTLS so those tests were basically never executed. Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 16 +++++++++++++++- tests/suites/test_suite_ecp.function | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 293459b11f..0238555367 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -247,7 +247,21 @@ TASKS = { 'ECP test vectors secp256r1 rfc 5114', 'ECP test vectors secp384r1 rfc 5114', 'ECP test vectors secp521r1 rfc 5114', - ] + ], + 'test_suite_pkparse': [ + # This is a known difference for Montgomery curves: in + # reference component private keys are parsed using + # mbedtls_mpi_read_binary_le(), while in driver version they + # they are imported in PSA and there the parsing is done + # through mbedtls_ecp_read_key(). Unfortunately the latter + # fixes the errors which are intentionally set on the parsed + # key and therefore the following test case is not failing + # as expected. + # This cause the following test to be guarded by ECP_C and + # not being executed on the driver version. + ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking ' + 'requirements, from RFC8410 Appendix A but made into version 0)'), + ], } } }, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 250efcc673..f67c5ae9df 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1086,7 +1086,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBBEDTLS_ECP_C */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_LIGHT */ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) { mbedtls_test_rnd_buf_info rnd_info; From ec00b500b52a4a8cbe398a76efa20bcbdad6ffea Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 23 May 2023 17:31:01 +0100 Subject: [PATCH 328/483] ecp_curves: Adjusted input checking for `ecp_mod_p255`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c9868f39d2..6192f6a645 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5432,9 +5432,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - if (X_Limbs > 2*P255_WIDTH) { - X_Limbs = 2*P255_WIDTH; - } else if (X_Limbs < P255_WIDTH) { + if (X_Limbs != 2 * P255_WIDTH) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } From 7ef8a8d0dac58f6a5df44dfa2e71e085177c471a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 May 2023 18:39:54 +0200 Subject: [PATCH 329/483] pk: improve description for the new priv_id field Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ffd1b73b23..ec99c8413a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -262,11 +262,24 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ - /* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is - * used to store the ID of the opaque key. - * This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by - * MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext - * for RSA keys. */ + /* The following field is used to store the ID of a private key in the + * following cases: + * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined + * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case: + * - the pk_ctx above is not not used to store the private key anymore. + * Actually that field not populated at all in this case because also + * the public key will be stored in raw format as explained below + * - this ID is used for all private key operations (ex: sign, check + * key pair, key write, etc) using PSA functions + * + * Note: this private key storing solution only affects EC keys, not the + * other ones. The latters still use the pk_ctx to store their own + * context. + * + * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by + * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because, + * when working with opaque keys, it can be used also in + * mbedtls_pk_sign_ext for RSA keys. */ #if defined(MBEDTLS_PSA_CRYPTO_C) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ #endif /* MBEDTLS_PSA_CRYPTO_C */ @@ -277,8 +290,7 @@ typedef struct mbedtls_pk_context { * * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled: * - the pk_ctx above is not used anymore for storing the public key - * inside the ecp_keypair structure (only the private part, but also this - * one is going to change in the future) + * inside the ecp_keypair structure * - the following fields are used for all public key operations: signature * verify, key pair check and key write. * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy From 3b6bf105d1271ba624b22cc1bedd951b9c2be8bf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 23 May 2023 17:51:52 +0100 Subject: [PATCH 330/483] Fix missed renames from N to X Signed-off-by: Paul Elliott --- library/ecp_curves.c | 4 ++-- library/ecp_invasive.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index d34eea2f92..42d151a4c6 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5522,7 +5522,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) * X. */ memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL)); - /* N = A0 */ + /* X = A0 */ for (i = P448_WIDTH; i < X_limbs; i++) { X[i] = 0; } @@ -5538,7 +5538,7 @@ int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) /* No carry here - only max 224 bits */ (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs); - /* M = (B0 + B1) * 2^224, N += M */ + /* M = (B0 + B1) * 2^224, X += M */ if (sizeof(mbedtls_mpi_uint) > 4) { M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS); } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 4cf4f6e4b4..379e022b87 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -196,7 +196,7 @@ int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N); #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *N, size_t N_limbs); +int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ From b5844e47c03587428761ef220e1ae9074494f4f0 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 24 May 2023 02:11:06 +0000 Subject: [PATCH 331/483] Change assert to equal base one comments Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f5cb3df77a..dbb7b3cf21 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1627,7 +1627,7 @@ void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype) TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_A_limbs, input_A), 0); TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_B_limbs, input_B), 0); - TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0); + TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); /* Test for limb sizes for two input value and modulus */ TEST_EQUAL(p_A_limbs, p_B_limbs); From f9f0ba82116de4eaae3f46dde99c75f844547637 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 23 May 2023 17:34:33 +0100 Subject: [PATCH 332/483] Use functions in alignment.h to get value Refactor code using get functions from alignment.h to read values. Signed-off-by: Thomas Daubney --- library/ssl_cookie.c | 5 +--- library/ssl_tls.c | 47 ++++++-------------------------------- library/ssl_tls12_server.c | 7 ++---- 3 files changed, 10 insertions(+), 49 deletions(-) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ba25389237..6d54300bc9 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -364,10 +364,7 @@ int mbedtls_ssl_cookie_check(void *p_ctx, cur_time = ctx->serial; #endif - cookie_time = ((unsigned long) cookie[0] << 24) | - ((unsigned long) cookie[1] << 16) | - ((unsigned long) cookie[2] << 8) | - ((unsigned long) cookie[3]); + cookie_time = (unsigned long) MBEDTLS_GET_UINT32_BE(cookie, 0); if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) { ret = -1; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe666e88cc..be7742fc98 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4613,10 +4613,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session_len = ((size_t) p[0] << 24) | - ((size_t) p[1] << 16) | - ((size_t) p[2] << 8) | - ((size_t) p[3]); + session_len = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; /* This has been allocated by ssl_handshake_init(), called by @@ -4711,10 +4708,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ssl->badmac_seen = ((uint32_t) p[0] << 24) | - ((uint32_t) p[1] << 16) | - ((uint32_t) p[2] << 8) | - ((uint32_t) p[3]); + ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) @@ -4722,24 +4716,10 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ssl->in_window_top = ((uint64_t) p[0] << 56) | - ((uint64_t) p[1] << 48) | - ((uint64_t) p[2] << 40) | - ((uint64_t) p[3] << 32) | - ((uint64_t) p[4] << 24) | - ((uint64_t) p[5] << 16) | - ((uint64_t) p[6] << 8) | - ((uint64_t) p[7]); + ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; - ssl->in_window = ((uint64_t) p[0] << 56) | - ((uint64_t) p[1] << 48) | - ((uint64_t) p[2] << 40) | - ((uint64_t) p[3] << 32) | - ((uint64_t) p[4] << 24) | - ((uint64_t) p[5] << 16) | - ((uint64_t) p[6] << 8) | - ((uint64_t) p[7]); + ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -9102,14 +9082,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - start = ((uint64_t) p[0] << 56) | - ((uint64_t) p[1] << 48) | - ((uint64_t) p[2] << 40) | - ((uint64_t) p[3] << 32) | - ((uint64_t) p[4] << 24) | - ((uint64_t) p[5] << 16) | - ((uint64_t) p[6] << 8) | - ((uint64_t) p[7]); + start = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; session->start = (time_t) start; @@ -9132,10 +9105,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, memcpy(session->master, p, 48); p += 48; - session->verify_result = ((uint32_t) p[0] << 24) | - ((uint32_t) p[1] << 16) | - ((uint32_t) p[2] << 8) | - ((uint32_t) p[3]); + session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -9254,10 +9224,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->ticket_lifetime = ((uint32_t) p[0] << 24) | - ((uint32_t) p[1] << 16) | - ((uint32_t) p[2] << 8) | - ((uint32_t) p[3]); + session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index aa3e306a4a..a377d805b9 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1088,9 +1088,7 @@ read_record_header: #if defined(MBEDTLS_SSL_RENEGOTIATION) if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | - ssl->in_msg[5]; - + unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); if (cli_msg_seq != ssl->handshake->in_msg_seq) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: " "%u (expected %u)", cli_msg_seq, @@ -1102,8 +1100,7 @@ read_record_header: } else #endif { - unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } From 52fe517a77090aa3cf361285eb30053c0664871d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:28:46 +0530 Subject: [PATCH 333/483] Change pbkdf2 password to array Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 5d01f6c583..245f26a15f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -119,7 +119,7 @@ typedef struct { size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); - uint8_t *MBEDTLS_PRIVATE(password); + uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t MBEDTLS_PRIVATE(password_length); } psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index af4ab65159..4615920055 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5101,11 +5101,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) operation->ctx.pbkdf2.salt_length); mbedtls_free(operation->ctx.pbkdf2.salt); } - if (operation->ctx.pbkdf2.password != NULL) { - mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, - operation->ctx.pbkdf2.password_length); - mbedtls_free(operation->ctx.pbkdf2.password); - } status = PSA_SUCCESS; } else From e66a8ad8d6b502a74a3c97dbf41ec76a62574506 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:30:43 +0530 Subject: [PATCH 334/483] Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 4 ++++ library/psa_crypto.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 37f72054f7..6b8ccbb9a4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -253,6 +253,10 @@ * curve. */ #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32 +/* The maximum number of iterations for PBKDF2 on this implementation, in bits. + * This is a vendor-specific macro. This can be configured if necessary */ +#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4615920055..a8ccde56f2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6419,13 +6419,14 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_ERROR_BAD_STATE; } - if (data > 0xFFFFFFFF) { + if (data > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) { return PSA_ERROR_NOT_SUPPORTED; } if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } + pbkdf2->input_cost = data; pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; From b538bb7a028e6a340cd2d240868513719013e004 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:32:14 +0530 Subject: [PATCH 335/483] Restructure pbkdf2_set_salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8ccde56f2..77c51847f8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6437,9 +6437,6 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - uint8_t *prev_salt; - size_t prev_salt_length; - if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; @@ -6454,16 +6451,16 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; + uint8_t *prev_salt = pbkdf2->salt; + size_t prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); if (pbkdf2->salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + memcpy(pbkdf2->salt + prev_salt_length, data, data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 10cc6bda1cdb5878ff230c9c60988a77ce45f706 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:35:14 +0530 Subject: [PATCH 336/483] Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 39acd96c52..580e3ae80d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2102,7 +2102,8 @@ */ #define PSA_ALG_IS_PBKDF2_HMAC(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) - +#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \ + (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK)) /** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). From bd6cefb3daf459019c6dab53a02828e35150b4ff Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:36:34 +0530 Subject: [PATCH 337/483] Add HMAC specific function for setting password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 77c51847f8..02ca4d735f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6470,30 +6470,49 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } +static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) +{ + psa_status_t status = PSA_SUCCESS; + if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { + status = psa_hash_compute(hash_alg, input, input_len, output, + PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + } else { + memcpy(output, input, input_len); + output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + } + return status; +} + static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, const uint8_t *data, size_t data_length) { + psa_status_t status; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } if (data_length != 0) { - pbkdf2->password = mbedtls_calloc(1, data_length); - if (pbkdf2->password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); + status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, + pbkdf2->password, + pbkdf2->password_length); } - - memcpy(pbkdf2->password, data, data_length); - pbkdf2->password_length = data_length; } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; - return PSA_SUCCESS; + return status; } static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length) @@ -6502,7 +6521,7 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, case PSA_KEY_DERIVATION_INPUT_SALT: return psa_pbkdf2_set_salt(pbkdf2, data, data_length); case PSA_KEY_DERIVATION_INPUT_PASSWORD: - return psa_pbkdf2_set_password(pbkdf2, data, data_length); + return psa_pbkdf2_set_password(pbkdf2, kdf_alg, data, data_length); default: return PSA_ERROR_INVALID_ARGUMENT; } @@ -6606,8 +6625,8 @@ static psa_status_t psa_key_derivation_input_internal( #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - status = psa_pbkdf2_input( - &operation->ctx.pbkdf2, step, data, data_length); + status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, + step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { From 0202ccc9cc036c711bf630dc9760e0acee2480ad Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:38:40 +0530 Subject: [PATCH 338/483] Add tests with direct and key output Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d1972995ed..351d0cedae 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,15 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From aac9a581f80f6db7c5bce36bc2dba67f21133aa9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 14:19:17 +0530 Subject: [PATCH 339/483] Fix code style and initialize status Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 02ca4d735f..4cce837c52 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,10 +6471,10 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, } static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, - const uint8_t *input, - size_t input_len, - uint8_t *output, - size_t output_len) + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { @@ -6492,7 +6492,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - psa_status_t status; + psa_status_t status = PSA_SUCCESS; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } From 51aa52eba4d9b53ddcc1f39d297d0d78b8ef61a4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 12:37:50 +0200 Subject: [PATCH 340/483] pk: fix key properties when importing private key Signed-off-by: Valerio Setti --- library/pkparse.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 18b40ceb84..e70953e9af 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -642,16 +642,9 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, psa_status_t status; psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - /* Setting largest masks for usage and key algorithms */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); -#else - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); -#endif + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); status = psa_import_key(&attributes, key, len, &pk->priv_id); if (status != PSA_SUCCESS) { @@ -1304,13 +1297,14 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, /* Setting largest masks for usage and key algorithms */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT); + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); #else psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); #endif + psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); status = psa_import_key(&attributes, priv_key_raw, priv_key_len, &pk->priv_id); From 1194ffa82fc1a541e6fbb39e9d19b86238c7ab89 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 13:15:58 +0200 Subject: [PATCH 341/483] pk: minor code fixes/enhancements Signed-off-by: Valerio Setti --- library/pk.c | 3 ++- library/pkwrite.c | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/pk.c b/library/pk.c index cccadb1f92..8e42b8d4c7 100644 --- a/library/pk.c +++ b/library/pk.c @@ -912,7 +912,6 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, #else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { - unsigned char d[MBEDTLS_ECP_MAX_BYTES]; size_t d_len; psa_ecc_family_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -922,6 +921,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, /* export the private key material in the format PSA wants */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len); if (status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(status); @@ -930,6 +930,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, curve_id = pk->ec_family; bits = pk->ec_bits; #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + unsigned char d[MBEDTLS_ECP_MAX_BYTES]; mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/library/pkwrite.c b/library/pkwrite.c index c8a96d9eaa..8df63946ce 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -395,22 +395,21 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, size_t len = 0; size_t oid_len = 0; const char *oid; + mbedtls_ecp_group_id grp_id; /* privateKey */ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); + grp_id = mbedtls_pk_get_group_id(pk); /* privateKeyAlgorithm */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, - pk->ec_bits, 0); if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); - if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec->grp.id, &oid, &oid_len)) != 0) { + if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ From d0405093d93959dcc0167fd9990a1180d51e3326 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 13:16:40 +0200 Subject: [PATCH 342/483] tls: use pk_get_group_id() instead of directly accessing PK's structure Signed-off-by: Valerio Setti --- library/ssl_tls.c | 12 +++--------- library/ssl_tls12_server.c | 16 ++++++---------- 2 files changed, 9 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2babb04a4a..036b5a720b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7388,17 +7388,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ - mbedtls_ecp_group_id grp_id; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); - if (ec == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL")); + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); + if (grp_id == MBEDTLS_ECP_DP_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - grp_id = ec->grp.id; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a442b3714b..b0a4fdf474 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2601,9 +2601,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) size_t key_len; mbedtls_pk_context *pk; mbedtls_ecp_group_id grp_id; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair *key; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2611,6 +2608,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + switch (mbedtls_pk_get_type(pk)) { case MBEDTLS_PK_OPAQUE: if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { @@ -2639,15 +2640,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - key = mbedtls_pk_ec_rw(*pk); - if (key == NULL) { + grp_id = mbedtls_pk_get_group_id(pk); + if (grp_id == MBEDTLS_ECP_DP_NONE) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - grp_id = key->grp.id; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { /* This elliptic curve is not supported */ From a541e0108bf78ed55b4e16dbe14bfed612e857f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 14:31:21 +0200 Subject: [PATCH 343/483] pkparse: avoid creating extra copy of the private key Signed-off-by: Valerio Setti --- library/pkparse.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index e70953e9af..07fce5c1c9 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1186,8 +1186,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; - uint8_t priv_key_raw[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; - size_t priv_key_len; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* @@ -1222,13 +1220,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, d = p; d_len = len; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (len > MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - memcpy(priv_key_raw, p, len); - priv_key_len = len; -#else +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); @@ -1306,8 +1298,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #endif psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); - status = psa_import_key(&attributes, priv_key_raw, priv_key_len, - &pk->priv_id); + status = psa_import_key(&attributes, d, d_len, &pk->priv_id); if (status != PSA_SUCCESS) { ret = psa_pk_status_to_mbedtls(status); return ret; From e72bf2da3d66c0a69231fd88e58f41e4c94b6170 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 24 May 2023 15:13:21 +0100 Subject: [PATCH 344/483] ecp_curves: Adjusted the expected limb size for `ecp_mod_p255()`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6192f6a645..4fc4b1d839 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5421,7 +5421,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((255 + biL - 1) / biL); + size_t expected_width = 2 * P255_WIDTH; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: From 7050662a48a1eb46f32509c182f5087c1139759e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 24 May 2023 17:31:57 +0100 Subject: [PATCH 345/483] Correct comment header block Signed-off-by: Paul Elliott --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 42d151a4c6..597a340447 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5479,7 +5479,7 @@ cleanup: * splitting N up into 32-bit limbs and doing the arithmetic using the limbs * directly as we do for the NIST primes above, but for 64-bit targets it should * use half the number of operations if we do the reduction with 224-bit limbs, - * since mpi_add_mpi will then use 64-bit adds. + * since mpi_core_add will then use 64-bit adds. */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs) From d7a3f8065f7a274ed267b59798977979acd3b68c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:19:47 +0530 Subject: [PATCH 346/483] Restructure set salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4cce837c52..f3699d41ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6451,18 +6451,18 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - uint8_t *prev_salt = pbkdf2->salt; - size_t prev_salt_length = pbkdf2->salt_length; + uint8_t *next_salt; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { + next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length); + if (next_salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, data_length); + memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); + memcpy(next_salt + pbkdf2->salt_length, data, data_length); pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + mbedtls_free(pbkdf2->salt); + pbkdf2->salt = next_salt; } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 91f99f52c442d78f91683e9947277aa399a49a2c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:21:48 +0530 Subject: [PATCH 347/483] Change output length parameter in pbkdf2_hmac_set_password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f3699d41ba..ae7d7473fa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6474,15 +6474,15 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, const uint8_t *input, size_t input_len, uint8_t *output, - size_t output_len) + size_t *output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { status = psa_hash_compute(hash_alg, input, input_len, output, - PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len); } else { memcpy(output, input, input_len); - output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + *output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); } return status; } @@ -6502,7 +6502,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, pbkdf2->password, - pbkdf2->password_length); + &pbkdf2->password_length); } } From 5e7ef203e38a198e7d1e266b4b5400de0ecdc59d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:59:42 +0530 Subject: [PATCH 348/483] Add test case for PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 351d0cedae..c16879bc0f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5319,6 +5319,11 @@ PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key o depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED +PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE From 16a36e64d9d94367bf06f35cb3369bf1fd78d5ff Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 10:05:11 +0000 Subject: [PATCH 349/483] Add mod test functions for unit read write Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 45 ++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index eb85dc2d05..4c5b66e789 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1562,3 +1562,48 @@ exit: mbedtls_free(p_S); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_read_write(char *input_A, int id, int ctype) +{ + size_t limbs; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue rA; // For input + mbedtls_mpi_mod_residue rX; // For read back + mbedtls_mpi_uint *rX_raw = NULL; + mbedtls_mpi_uint *A = NULL; + mbedtls_mpi_uint *bufx = NULL; + + mbedtls_mpi_mod_modulus_init(&m); + + TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs)); + + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, limbs); + + ASSERT_ALLOC(rX_raw, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + + ASSERT_ALLOC(bufx, limbs); + TEST_EQUAL(mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE)); + + TEST_EQUAL(rA.limbs, rX.limbs); + ASSERT_COMPARE(rA.p, rA.limbs * ciL, rX.p, rA.limbs * ciL); + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&rA); + mbedtls_mpi_mod_residue_release(&rX); + mbedtls_free(A); + mbedtls_free(rX_raw); + mbedtls_free(bufx); +} +/* END_CASE */ From 5e4e287dbec2c1d6306c379296ad48aa6fcfae3a Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 10:06:15 +0000 Subject: [PATCH 350/483] Add test data for ecp mod read write Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 147 +++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index d08ce0f99a..efaa5061d1 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1520,3 +1520,150 @@ ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +# The following data be generated by random.getrandbits() in python with seed(6,2), it must be +# less than the named curves' modulus. we can use mbedtls_mpi_mod_residue_setup() check whether +# it satisfy the requirements. +ecp_read_write #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_read_write:"c320a4737c2b3abe14a03569d26b949692e5dfe8cb1855fe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_read_write:"9623d7cfa9ae7a34254499c7001d9a88096d373742f9a039":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_read_write:"df5ca32ebad5ccc232b7228fcd4a55577d24b39645cf8aa4059a91e1":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_read_write:"c527e27951c342505f877031bc1e3ac1c27db4ecf72c2c2678629522":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_read_write:"903c2ac9316774fe181e290aae9af1698a0c510089ce5ef7e91b4ad169fc5360":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_read_write:"9c2c0ac2cda95957a9b3d1a243f9300cba98666ace1c9c17b313fc7e8db9b92c":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_read_write:"401fe4fcce06294d68f22599ccdf540b5cb53ec017d7ab26fd80206055e8b3eb6cb9185ed822e2f9168e5087af895f5b":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_read_write:"bb1e330f38d2e6418f918e24a8b0188cbe19514a28a0aaab3642b1932793637c16cf5c51801fd9ab31a5bf371f970cf":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_read_write:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_read_write:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits() in python with seed(7,2) +ecp_read_write #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"6b4cb2424a23d5962217beaddbc496cb8e81973e0becd7b03898d190f9ebdacc":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"36f675cc81e74ef5e8e25d940ed904759531985d5d9dc9f81818e811892f902b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #17 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"8d116ece1738f7d93d9c172411e20b8f6b0d549b6f03675a1600a35a099950d8":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"a170b33839263059f28c105d1fb17c2390c192cfd3ac94af0f21ddb66cad4a26":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"7f15052434b9b5df9e7769b10f4205b4907a70c31012f037b64ce4228c38fb2918f135d25f557203301850c5a38fd547":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #20 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"3f98e2774cbd87ad5c90a9587403e430ec66a78795e761d17731af10506bf2efc6f877186d76b07e881ed162ae2eb154":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c7427":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"5790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c74273f98e2774cbd87ad5c90a9587403e430":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"6bf46c697d2caf82eeeacbe226e875555790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"7f26144b98289fcd59a54a7bb1fee08f571242425051c1ccd17f9acae01f5057ca02135e92b1d3f28ede0d7ac3baea9e13deef86ab1031d0f646e1f40a097c97":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"4f426dcbb394fb36bb2d420f0f88080b10a3d6b2aa05e11ab2715945795e8229451abd81f1d69ed617f5e837d70820fe119a72d174c9df6acc011cdd9474031b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits(252) in python with seed(8,2) +ecp_read_write #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"00b3510bb46ee1da317017a6205738d16018366cf658f7a75ed34fe53a096533":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits(252) +ecp_read_write #28 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"06694f22359b154881a0d5b3ffc6e35ccfaf00103f584ad4230824d215ceb3a1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The least 122 bits are generated by random.getrandbits(122) +ecp_read_write #29 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"1000000000000000000000000000000011f319877589ca4a07c15471a4517d6c":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(192). +ecp_read_write #30 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_read_write:"e5b8063831360a4092b850ad7eb72f8263f65da874007cb4":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_read_write:"c24f6aa83bf36a147c2f7ad016edc5d467164890d49d0ac1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(224). +ecp_read_write #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"0e6edaf80796d3bc4685ca8af852a5fba444adf42b37f5722051e2670":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"018dff3934223aa56a9b7e3ea1d1d784fb9db434b610b1631e941aa79":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +# The least 112 bits are generated by random.getrandbits(112) +ecp_read_write #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"1000000000000000000000000000162e910269470d0718c1afdd9a78d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(256). +ecp_read_write #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_read_write:"3c02e56756a3e9570edca4eca92d04a31b941f4360908405d45c39a39ec353c1":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_read_write:"353a0106e6c08269844dbc0ca65423a9e744b24e7f61701e1607b1c4b0f91306":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +# The least 440 bits are generated by random.getrandbits(440) +ecp_read_write #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944ff09974b85f2306d4a8a2ad16e107ac8069b51c6322463278ecef2d30194df943c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_read_write:"000000000000003f9fbd8780ed55037ea03260d7ef27bba4d70dfcf3332eb05b6659eab3bfcd5d50545214b0afb81e8824918818fd64f799ef936ac3a8db56":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From b8cf6226f2860e9f3a56b009ecf830808a5fbe32 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 24 May 2023 08:55:59 +0000 Subject: [PATCH 351/483] Add test function ecp_mod_random Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 29 ++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 4c5b66e789..7675fd9b2f 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -7,6 +7,7 @@ #include "bignum_core.h" #include "ecp_invasive.h" #include "bignum_mod_raw_invasive.h" +#include "constant_time_internal.h" #define ECP_PF_UNKNOWN -1 @@ -1607,3 +1608,31 @@ exit: mbedtls_free(bufx); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_random(int id, int ctype) +{ + size_t limbs; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue rX; // For random data + mbedtls_mpi_uint *rX_raw = NULL; + + mbedtls_mpi_mod_modulus_init(&m); + TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); + + limbs = m.limbs; + + ASSERT_ALLOC(rX_raw, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + + TEST_EQUAL(mbedtls_mpi_mod_random(&rX, 1, &m, + mbedtls_test_rnd_std_rand, NULL), 0); + + TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1); + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&rX); + mbedtls_free(rX_raw); +} +/* END_CASE */ From dfaf90f3d1c1c627410c13c250a95f7903bba186 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 24 May 2023 08:56:50 +0000 Subject: [PATCH 352/483] Add test data for function ecp_mod_random Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 100 +++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index efaa5061d1..ccba3ac3c5 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1667,3 +1667,103 @@ ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944 ecp_read_write #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_read_write:"000000000000003f9fbd8780ed55037ea03260d7ef27bba4d70dfcf3332eb05b6659eab3bfcd5d50545214b0afb81e8824918818fd64f799ef936ac3a8db56":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #3 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #5 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #7 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #9 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #11 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #13 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #16 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #21 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #24 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #25 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE From b3366c556c8124dc2eb4aa22ef36fc66853e5143 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 25 May 2023 03:35:46 +0000 Subject: [PATCH 353/483] Update comments about how to generate mod_read_write data Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index ccba3ac3c5..030cd464c7 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1520,9 +1520,10 @@ ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(6,2), it must be -# less than the named curves' modulus. we can use mbedtls_mpi_mod_residue_setup() check whether -# it satisfy the requirements. +# The following data was generated using python's standard random library, +# initialised with seed(6,2) and random.getrandbits(curve bits). Curve bits are 192,224,256,384,520. +# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() +# can be used to check whether they satisfy the requirements. ecp_read_write #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_read_write:"c320a4737c2b3abe14a03569d26b949692e5dfe8cb1855fe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR @@ -1563,7 +1564,8 @@ ecp_read_write #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_read_write:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(7,2) +# The following data was generated using python's standard random library, +# initialised with seed(7,2) and random.getrandbits(curve bits). Curve bits are 256,384,512. ecp_read_write #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_read_write:"6b4cb2424a23d5962217beaddbc496cb8e81973e0becd7b03898d190f9ebdacc":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1612,22 +1614,23 @@ ecp_read_write #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_read_write:"4f426dcbb394fb36bb2d420f0f88080b10a3d6b2aa05e11ab2715945795e8229451abd81f1d69ed617f5e837d70820fe119a72d174c9df6acc011cdd9474031b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits(252) in python with seed(8,2) +# The following data was generated using python's standard random library, +# initialised with seed(8,2) and random.getrandbits(252). ecp_read_write #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"00b3510bb46ee1da317017a6205738d16018366cf658f7a75ed34fe53a096533":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits(252) +# The following data was generated using python's standard random library random.getrandbits(252). ecp_read_write #28 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"06694f22359b154881a0d5b3ffc6e35ccfaf00103f584ad4230824d215ceb3a1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The least 122 bits are generated by random.getrandbits(122) +# The least 122 bits were generated by random.getrandbits(122) ecp_read_write #29 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"1000000000000000000000000000000011f319877589ca4a07c15471a4517d6c":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(192). +# The following data was generated by random.getrandbits(192). ecp_read_write #30 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_read_write:"e5b8063831360a4092b850ad7eb72f8263f65da874007cb4":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR @@ -1636,7 +1639,7 @@ ecp_read_write #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_read_write:"c24f6aa83bf36a147c2f7ad016edc5d467164890d49d0ac1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(224). +# The following data was generated by random.getrandbits(224). ecp_read_write #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"0e6edaf80796d3bc4685ca8af852a5fba444adf42b37f5722051e2670":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR @@ -1645,12 +1648,12 @@ ecp_read_write #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"018dff3934223aa56a9b7e3ea1d1d784fb9db434b610b1631e941aa79":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR -# The least 112 bits are generated by random.getrandbits(112) +# The least 112 bits were generated by random.getrandbits(112) ecp_read_write #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"1000000000000000000000000000162e910269470d0718c1afdd9a78d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(256). +# The following data was generated by random.getrandbits(256). ecp_read_write #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_read_write:"3c02e56756a3e9570edca4eca92d04a31b941f4360908405d45c39a39ec353c1":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR @@ -1659,7 +1662,7 @@ ecp_read_write #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_read_write:"353a0106e6c08269844dbc0ca65423a9e744b24e7f61701e1607b1c4b0f91306":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR -# The least 440 bits are generated by random.getrandbits(440) +# The least 440 bits were generated by random.getrandbits(440) ecp_read_write #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944ff09974b85f2306d4a8a2ad16e107ac8069b51c6322463278ecef2d30194df943c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From ebc2478e064a7941f4c19c359e1f5666fe073cf3 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 25 May 2023 06:22:29 +0000 Subject: [PATCH 354/483] Move const result to the first parameter Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 7675fd9b2f..2e2605bfd5 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1579,7 +1579,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); - TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &limbs, input_A)); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs)); /* Test for limb sizes */ @@ -1589,11 +1589,12 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); ASSERT_ALLOC(bufx, limbs); - TEST_EQUAL(mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - limbs * ciL, - MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE)); - TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, limbs * ciL, + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, + limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(rA.limbs, rX.limbs); @@ -1625,8 +1626,8 @@ void ecp_mod_random(int id, int ctype) ASSERT_ALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); - TEST_EQUAL(mbedtls_mpi_mod_random(&rX, 1, &m, - mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m, + mbedtls_test_rnd_std_rand, NULL)); TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1); From 449803abffdaa3181d65d5f86fae16fddb504cdc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 25 May 2023 09:37:05 +0200 Subject: [PATCH 355/483] pkwrite: remove unnecessary code duplication Signed-off-by: Valerio Setti --- library/pkwrite.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 8df63946ce..d6848151c1 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -404,15 +404,9 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, grp_id = mbedtls_pk_get_group_id(pk); /* privateKeyAlgorithm */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { - return ret; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); From 23bd53239d4d07cd416d47a896357e8b37d54bbc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 11:03:59 +0800 Subject: [PATCH 356/483] code_size_compare.py: add --arch and detection of host arch Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index af6ddd4fcb..fbc0dc171b 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -29,9 +29,32 @@ import argparse import os import subprocess import sys +from enum import Enum from mbedtls_dev import build_tree +class SupportedArch(Enum): + """Supported architecture for code size measurement.""" + AARCH64 = 'aarch64' + AARCH32 = 'aarch32' + X86_64 = 'x86_64' + X86 = 'x86' + +DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" +def detect_arch() -> str: + """Auto-detect host architecture.""" + cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode() + if "__aarch64__" in cc_output: + return SupportedArch.AARCH64.value + if "__arm__" in cc_output: + return SupportedArch.AARCH32.value + if "__x86_64__" in cc_output: + return SupportedArch.X86_64.value + if "__x86__" in cc_output: + return SupportedArch.X86.value + else: + print("Unknown host architecture, cannot auto-detect arch.") + sys.exit(1) class CodeSizeComparison: """Compare code size between two Git revisions.""" @@ -199,6 +222,12 @@ def main(): help="new revision for comparison, default is the current work \ directory, including uncommitted changes." ) + parser.add_argument( + "-a", "--arch", type=str, default=detect_arch(), + choices=list(map(lambda s: s.value, SupportedArch)), + help="specify architecture for code size comparison, default is the\ + host architecture." + ) comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): @@ -214,6 +243,7 @@ def main(): else: new_revision = "current" + print("Measure code size for architecture: {}".format(comp_args.arch)) result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) return_code = size_compare.get_comparision_results() From 6a86258eab384700dbdc67c80809339083077028 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 12:24:38 +0800 Subject: [PATCH 357/483] code_size_compare.py: support measurement of tfm-medium Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 66 ++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index fbc0dc171b..5b93b1a30f 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -40,6 +40,13 @@ class SupportedArch(Enum): X86_64 = 'x86_64' X86 = 'x86' +CONFIG_TFM_MEDIUM_MBEDCRYPTO_H = "../configs/tfm_mbedcrypto_config_profile_medium.h" +CONFIG_TFM_MEDIUM_PSA_CRYPTO_H = "../configs/crypto_config_profile_medium.h" +class SupportedConfig(Enum): + """Supported configuration for code size measurement.""" + DEFAULT = 'default' + TFM_MEDIUM = 'tfm-medium' + DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" def detect_arch() -> str: """Auto-detect host architecture.""" @@ -56,14 +63,50 @@ def detect_arch() -> str: print("Unknown host architecture, cannot auto-detect arch.") sys.exit(1) +class CodeSizeInfo: # pylint: disable=too-few-public-methods + """Gather information used to measure code size. + + It collects information about architecture, configuration in order to + infer build command for code size measurement. + """ + + def __init__(self, arch: str, config: str) -> None: + """ + arch: architecture to measure code size on. + config: configuration type to measure code size with. + make_command: command to build library (Inferred from arch and config). + """ + self.arch = arch + self.config = config + self.make_command = self.set_make_command() + + def set_make_command(self) -> str: + """Infer build command based on architecture and configuration.""" + + if self.config == SupportedConfig.DEFAULT.value: + return 'make -j lib CFLAGS=\'-Os \' ' + elif self.arch == SupportedArch.AARCH32.value and \ + self.config == SupportedConfig.TFM_MEDIUM.value: + return \ + 'make -j lib CC=/usr/local/ArmCompilerforEmbedded6.19/bin/armclang \ + CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \ + -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ + -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' + else: + print("Unsupported architecture: {} and configurations: {}" + .format(self.arch, self.config)) + sys.exit(1) + + class CodeSizeComparison: """Compare code size between two Git revisions.""" - def __init__(self, old_revision, new_revision, result_dir): + def __init__(self, old_revision, new_revision, result_dir, code_size_info): """ - old_revision: revision to compare against + old_revision: revision to compare against. new_revision: - result_dir: directory for comparison result + result_dir: directory for comparison result. + code_size_info: an object containing information to build library. """ self.repo_path = "." self.result_dir = os.path.abspath(result_dir) @@ -75,7 +118,7 @@ class CodeSizeComparison: self.old_rev = old_revision self.new_rev = new_revision self.git_command = "git" - self.make_command = "make" + self.make_command = code_size_info.make_command @staticmethod def validate_revision(revision): @@ -105,7 +148,7 @@ class CodeSizeComparison: my_environment = os.environ.copy() subprocess.check_output( - [self.make_command, "-j", "lib"], env=my_environment, + self.make_command, env=my_environment, shell=True, cwd=git_worktree_path, stderr=subprocess.STDOUT, ) @@ -228,6 +271,12 @@ def main(): help="specify architecture for code size comparison, default is the\ host architecture." ) + parser.add_argument( + "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value, + choices=list(map(lambda s: s.value, SupportedConfig)), + help="specify configuration type for code size comparison,\ + default is the current MbedTLS configuration." + ) comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): @@ -243,9 +292,12 @@ def main(): else: new_revision = "current" - print("Measure code size for architecture: {}".format(comp_args.arch)) + print("Measure code size for architecture: {}, configuration: {}" + .format(comp_args.arch, comp_args.config)) + code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) result_dir = comp_args.result_dir - size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) + size_compare = CodeSizeComparison(old_revision, new_revision, result_dir, + code_size_info) return_code = size_compare.get_comparision_results() sys.exit(return_code) From 41a0aad78dddcb43813f5cdea61ee6b8bbc51433 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Thu, 13 Apr 2023 16:32:21 +0100 Subject: [PATCH 358/483] code_size_compare.py: clean up worktree in errors of subprocess With this change, the program cleans up worktree in errors of execution of subprocess.checkout. Additionally, the error log is printed out for users. Signed-off-by: Aditya Deshpande Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 5b93b1a30f..0145349ae3 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -141,16 +141,20 @@ class CodeSizeComparison: git_worktree_path, revision], cwd=self.repo_path, stderr=subprocess.STDOUT ) + return git_worktree_path def _build_libraries(self, git_worktree_path): """Build libraries in the specified worktree.""" my_environment = os.environ.copy() - subprocess.check_output( - self.make_command, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - ) + try: + subprocess.check_output( + self.make_command, env=my_environment, shell=True, + cwd=git_worktree_path, stderr=subprocess.STDOUT, + ) + except subprocess.CalledProcessError as e: + self._handle_called_process_error(e, git_worktree_path) def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" @@ -241,6 +245,20 @@ class CodeSizeComparison: self._get_code_size_for_rev(self.new_rev) return self.compare_code_size() + def _handle_called_process_error(self, e: subprocess.CalledProcessError, + git_worktree_path): + """Handle a CalledProcessError and quit the program gracefully. + Remove any extra worktrees so that the script may be called again.""" + + # Tell the user what went wrong + print("The following command: {} failed and exited with code {}" + .format(e.cmd, e.returncode)) + print("Process output:\n {}".format(str(e.output, "utf-8"))) + + # Quit gracefully by removing the existing worktree + self._remove_worktree(git_worktree_path) + sys.exit(-1) + def main(): parser = argparse.ArgumentParser( description=( From 369cd9617689bd56c0159f2b5b7b62575d9c1423 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 17:13:29 +0800 Subject: [PATCH 359/483] code_size_compare.py: add suffix to code size report This commit adds suffix of architecture and configuration to the file of code size record and comparison result. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 0145349ae3..b0d72e4adf 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -119,6 +119,8 @@ class CodeSizeComparison: self.new_rev = new_revision self.git_command = "git" self.make_command = code_size_info.make_command + self.fname_suffix = "-" + code_size_info.arch + "-" +\ + code_size_info.config @staticmethod def validate_revision(revision): @@ -159,7 +161,7 @@ class CodeSizeComparison: def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" - csv_fname = revision + ".csv" + csv_fname = revision + self.fname_suffix + ".csv" if revision == "current": print("Measuring code size in current work directory.") else: @@ -187,7 +189,7 @@ class CodeSizeComparison: """Generate code size csv file for the specified git revision.""" # Check if the corresponding record exists - csv_fname = revision + ".csv" + csv_fname = revision + self.fname_suffix + ".csv" if (revision != "current") and \ os.path.exists(os.path.join(self.csv_dir, csv_fname)): print("Code size csv file for", revision, "already exists.") @@ -202,10 +204,14 @@ class CodeSizeComparison: old and new. Measured code size results of these two revisions must be available.""" - old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") - new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") - res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev - + "-" + self.new_rev + ".csv"), "w") + old_file = open(os.path.join(self.csv_dir, self.old_rev + + self.fname_suffix + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, self.new_rev + + self.fname_suffix + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, "compare-" + + self.old_rev + "-" + self.new_rev + + self.fname_suffix + + ".csv"), "w") res_file.write("file_name, this_size, old_size, change, change %\n") print("Generating comparison results.") From a3841ab2996cc683aa9d1916f896379b256ed148 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 18:33:08 +0800 Subject: [PATCH 360/483] code_size_compare.py: add missing aes.o in code size comparison Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index b0d72e4adf..afc2c590f0 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -217,7 +217,7 @@ class CodeSizeComparison: print("Generating comparison results.") old_ds = {} - for line in old_file.readlines()[1:]: + for line in old_file.readlines(): cols = line.split(", ") fname = cols[0] size = int(cols[1]) @@ -225,7 +225,7 @@ class CodeSizeComparison: old_ds[fname] = size new_ds = {} - for line in new_file.readlines()[1:]: + for line in new_file.readlines(): cols = line.split(", ") fname = cols[0] size = int(cols[1]) From 60430bda37d292d5d7969ec67f8b5727f30a13a0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 29 May 2023 14:48:18 +0800 Subject: [PATCH 361/483] code_size_compare.py: change default path of armclang Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index afc2c590f0..86facb964a 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -88,7 +88,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods elif self.arch == SupportedArch.AARCH32.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: return \ - 'make -j lib CC=/usr/local/ArmCompilerforEmbedded6.19/bin/armclang \ + 'make -j lib CC=armclang \ CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \ -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' From da5cf4896e22a68333c70f0e38750320684b3719 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 29 May 2023 07:13:50 +0000 Subject: [PATCH 362/483] Add intermediate variable to represent the bytes of big num Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 2e2605bfd5..d1d7644b7d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1568,6 +1568,7 @@ exit: void ecp_mod_read_write(char *input_A, int id, int ctype) { size_t limbs; + size_t bytes; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue rA; // For input mbedtls_mpi_mod_residue rX; // For read back @@ -1588,17 +1589,18 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) ASSERT_ALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + bytes = limbs * ciL; ASSERT_ALLOC(bufx, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - limbs * ciL, + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, - limbs * ciL, + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); - TEST_EQUAL(rA.limbs, rX.limbs); - ASSERT_COMPARE(rA.p, rA.limbs * ciL, rX.p, rA.limbs * ciL); + TEST_EQUAL(limbs, rX.limbs); + ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); From 254f94bb43d916e21ea08011f436cd3b1a9c9016 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 29 May 2023 07:46:40 +0000 Subject: [PATCH 363/483] Add test code for big endian write/read Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index d1d7644b7d..e5ec3737a6 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1591,6 +1591,9 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) bytes = limbs * ciL; ASSERT_ALLOC(bufx, limbs); + /* Write source mod residue to a buffer, then read it back to + * the destination mod residue, compare the two mod residues. + * Firstly test little endian write and read */ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); @@ -1602,6 +1605,20 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(limbs, rX.limbs); ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + memset(bufx, 0x00, bytes); + memset(rX_raw, 0x00, bytes); + /* Then test big endian write and read */ + TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + bytes, + MBEDTLS_MPI_MOD_EXT_REP_BE)); + + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, + bytes, + MBEDTLS_MPI_MOD_EXT_REP_BE)); + + TEST_EQUAL(limbs, rX.limbs); + ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + exit: mbedtls_mpi_mod_modulus_free(&m); mbedtls_mpi_mod_residue_release(&rA); From aba7158a6ff77556f483e224d32cb354172e39f5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 29 May 2023 16:45:56 +0800 Subject: [PATCH 364/483] code_size_compare.py: add armv8-m option for arch Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 86facb964a..e61236ad3c 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -37,6 +37,7 @@ class SupportedArch(Enum): """Supported architecture for code size measurement.""" AARCH64 = 'aarch64' AARCH32 = 'aarch32' + ARMV8_M = 'armv8-m' X86_64 = 'x86_64' X86 = 'x86' @@ -85,7 +86,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods if self.config == SupportedConfig.DEFAULT.value: return 'make -j lib CFLAGS=\'-Os \' ' - elif self.arch == SupportedArch.AARCH32.value and \ + elif self.arch == SupportedArch.ARMV8_M.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: return \ 'make -j lib CC=armclang \ @@ -316,9 +317,9 @@ def main(): else: new_revision = "current" - print("Measure code size for architecture: {}, configuration: {}" - .format(comp_args.arch, comp_args.config)) code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) + print("Measure code size for architecture: {}, configuration: {}" + .format(code_size_info.arch, code_size_info.config)) result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir, code_size_info) From 2d412c6b24e9f5a59d99e5ce028df108767f1171 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:40 +0800 Subject: [PATCH 365/483] change path of mbedtls_x509_crl_info input data - Copy data_files/crl_expired.pem->data_files/parse_input/crl_expired.pem - Move data_files/crl_md5.pem->data_files/parse_input/crl_md5.pem - Move data_files/crl_sha1.pem->data_files/parse_input/crl_sha1.pem - Move data_files/crl_sha224.pem->data_files/parse_input/crl_sha224.pem - Copy data_files/crl_sha256.pem->data_files/parse_input/crl_sha256.pem - Move data_files/crl_sha384.pem->data_files/parse_input/crl_sha384.pem - Move data_files/crl_sha512.pem->data_files/parse_input/crl_sha512.pem - Copy data_files/crl-rsa-pss-sha1.pem->data_files/parse_input/crl-rsa-pss-sha1.pem - Copy data_files/crl-rsa-pss-sha224.pem->data_files/parse_input/crl-rsa-pss-sha224.pem - Copy data_files/crl-rsa-pss-sha256.pem->data_files/parse_input/crl-rsa-pss-sha256.pem - Copy data_files/crl-rsa-pss-sha384.pem->data_files/parse_input/crl-rsa-pss-sha384.pem - Copy data_files/crl-rsa-pss-sha512.pem->data_files/parse_input/crl-rsa-pss-sha512.pem - Copy data_files/crl-ec-sha1.pem->data_files/parse_input/crl-ec-sha1.pem - Move data_files/crl-ec-sha224.pem->data_files/parse_input/crl-ec-sha224.pem - Copy data_files/crl-ec-sha256.pem->data_files/parse_input/crl-ec-sha256.pem - Move data_files/crl-ec-sha384.pem->data_files/parse_input/crl-ec-sha384.pem - Move data_files/crl-ec-sha512.pem->data_files/parse_input/crl-ec-sha512.pem Signed-off-by: Jerry Yu --- tests/data_files/parse_input/crl-ec-sha1.pem | 10 ++++++ .../{ => parse_input}/crl-ec-sha224.pem | 0 .../data_files/parse_input/crl-ec-sha256.pem | 10 ++++++ .../{ => parse_input}/crl-ec-sha384.pem | 0 .../{ => parse_input}/crl-ec-sha512.pem | 0 .../parse_input/crl-rsa-pss-sha1.pem | 14 ++++++++ .../parse_input/crl-rsa-pss-sha224.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha256.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha384.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha512.pem | 16 +++++++++ tests/data_files/parse_input/crl_expired.pem | 11 ++++++ .../data_files/{ => parse_input}/crl_md5.pem | 0 .../data_files/{ => parse_input}/crl_sha1.pem | 0 .../{ => parse_input}/crl_sha224.pem | 0 tests/data_files/parse_input/crl_sha256.pem | 11 ++++++ .../{ => parse_input}/crl_sha384.pem | 0 .../{ => parse_input}/crl_sha512.pem | 0 tests/suites/test_suite_x509parse.data | 34 +++++++++---------- 18 files changed, 137 insertions(+), 17 deletions(-) create mode 100644 tests/data_files/parse_input/crl-ec-sha1.pem rename tests/data_files/{ => parse_input}/crl-ec-sha224.pem (100%) create mode 100644 tests/data_files/parse_input/crl-ec-sha256.pem rename tests/data_files/{ => parse_input}/crl-ec-sha384.pem (100%) rename tests/data_files/{ => parse_input}/crl-ec-sha512.pem (100%) create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha1.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha224.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha256.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha384.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha512.pem create mode 100644 tests/data_files/parse_input/crl_expired.pem rename tests/data_files/{ => parse_input}/crl_md5.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha1.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha224.pem (100%) create mode 100644 tests/data_files/parse_input/crl_sha256.pem rename tests/data_files/{ => parse_input}/crl_sha384.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha512.pem (100%) diff --git a/tests/data_files/parse_input/crl-ec-sha1.pem b/tests/data_files/parse_input/crl-ec-sha1.pem new file mode 100644 index 0000000000..8358640a0d --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha1.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/parse_input/crl-ec-sha224.pem similarity index 100% rename from tests/data_files/crl-ec-sha224.pem rename to tests/data_files/parse_input/crl-ec-sha224.pem diff --git a/tests/data_files/parse_input/crl-ec-sha256.pem b/tests/data_files/parse_input/crl-ec-sha256.pem new file mode 100644 index 0000000000..adfd5f8937 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha256.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/parse_input/crl-ec-sha384.pem similarity index 100% rename from tests/data_files/crl-ec-sha384.pem rename to tests/data_files/parse_input/crl-ec-sha384.pem diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/parse_input/crl-ec-sha512.pem similarity index 100% rename from tests/data_files/crl-ec-sha512.pem rename to tests/data_files/parse_input/crl-ec-sha512.pem diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha1.pem b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem new file mode 100644 index 0000000000..59ca4f703e --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x +NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4 +WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5 +1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM +MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC +AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS +4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0 +MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo +mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O +7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa +y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha224.pem b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem new file mode 100644 index 0000000000..a51d5d9113 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI +i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v +TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e +Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9 +NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB +f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D +a6JSqCIMRCQY2JOUn0A= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha256.pem b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem new file mode 100644 index 0000000000..f16a49118e --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4 +oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC +FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo +IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X +ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB +r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb +XLdJyyak33CLBKu+nJc= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha384.pem b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem new file mode 100644 index 0000000000..50f7e4cd24 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco +SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR +a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1 +EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs +y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k +q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u +KUH/xf1jEnNzbYNGiZw= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha512.pem b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem new file mode 100644 index 0000000000..0f1d6510bc --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F +ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq +1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2 +t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU +p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0 +sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8 +enMfMvwScA5AImzu9xA= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_expired.pem b/tests/data_files/parse_input/crl_expired.pem new file mode 100644 index 0000000000..cf60ae4d78 --- /dev/null +++ b/tests/data_files/parse_input/crl_expired.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx +OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir +jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct +wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ +SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS +IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k +OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA= +-----END X509 CRL----- diff --git a/tests/data_files/crl_md5.pem b/tests/data_files/parse_input/crl_md5.pem similarity index 100% rename from tests/data_files/crl_md5.pem rename to tests/data_files/parse_input/crl_md5.pem diff --git a/tests/data_files/crl_sha1.pem b/tests/data_files/parse_input/crl_sha1.pem similarity index 100% rename from tests/data_files/crl_sha1.pem rename to tests/data_files/parse_input/crl_sha1.pem diff --git a/tests/data_files/crl_sha224.pem b/tests/data_files/parse_input/crl_sha224.pem similarity index 100% rename from tests/data_files/crl_sha224.pem rename to tests/data_files/parse_input/crl_sha224.pem diff --git a/tests/data_files/parse_input/crl_sha256.pem b/tests/data_files/parse_input/crl_sha256.pem new file mode 100644 index 0000000000..c3ca25699f --- /dev/null +++ b/tests/data_files/parse_input/crl_sha256.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore +mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb +0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi +lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake +EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F +5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw= +-----END X509 CRL----- diff --git a/tests/data_files/crl_sha384.pem b/tests/data_files/parse_input/crl_sha384.pem similarity index 100% rename from tests/data_files/crl_sha384.pem rename to tests/data_files/parse_input/crl_sha384.pem diff --git a/tests/data_files/crl_sha512.pem b/tests/data_files/parse_input/crl_sha512.pem similarity index 100% rename from tests/data_files/crl_sha512.pem rename to tests/data_files/parse_input/crl_sha512.pem diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2d799a03af..c52c88a106 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -232,71 +232,71 @@ x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD5 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_VERIFY From 85b0758b41b8c6b2bf06d2c53a6ab1b570fdf10b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:42 +0800 Subject: [PATCH 366/483] change path of x509_cert_info input data - Copy data_files/server1.crt->data_files/parse_input/server1.crt - Move data_files/server1.crt.der->data_files/parse_input/server1.crt.der - Copy data_files/server2.crt->data_files/parse_input/server2.crt - Copy data_files/server2.crt.der->data_files/parse_input/server2.crt.der - Copy data_files/test-ca.crt->data_files/parse_input/test-ca.crt - Move data_files/test-ca.crt.der->data_files/parse_input/test-ca.crt.der - Copy data_files/cert_md5.crt->data_files/parse_input/cert_md5.crt - Copy data_files/cert_sha1.crt->data_files/parse_input/cert_sha1.crt - Copy data_files/cert_sha224.crt->data_files/parse_input/cert_sha224.crt - Copy data_files/cert_sha256.crt->data_files/parse_input/cert_sha256.crt - Copy data_files/cert_sha384.crt->data_files/parse_input/cert_sha384.crt - Copy data_files/cert_sha512.crt->data_files/parse_input/cert_sha512.crt - Copy data_files/server9.crt->data_files/parse_input/server9.crt - Copy data_files/server9-sha224.crt->data_files/parse_input/server9-sha224.crt - Copy data_files/server9-sha256.crt->data_files/parse_input/server9-sha256.crt - Copy data_files/server9-sha384.crt->data_files/parse_input/server9-sha384.crt - Copy data_files/server9-sha512.crt->data_files/parse_input/server9-sha512.crt - Copy data_files/server5-sha1.crt->data_files/parse_input/server5-sha1.crt - Copy data_files/server5-sha224.crt->data_files/parse_input/server5-sha224.crt - Copy data_files/server5.crt->data_files/parse_input/server5.crt - Copy data_files/server5-sha384.crt->data_files/parse_input/server5-sha384.crt - Copy data_files/server5-sha512.crt->data_files/parse_input/server5-sha512.crt - Copy data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Copy data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Copy data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-two-directorynames.crt.der->data_files/parse_input/server5-two-directorynames.crt.der - Move data_files/server5-fan.crt->data_files/parse_input/server5-fan.crt - Copy data_files/server1.cert_type.crt->data_files/parse_input/server1.cert_type.crt - Copy data_files/server1.key_usage.crt->data_files/parse_input/server1.key_usage.crt - Copy data_files/keyUsage.decipherOnly.crt->data_files/parse_input/keyUsage.decipherOnly.crt - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Copy data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/cert_example_multi_nocn.crt->data_files/parse_input/cert_example_multi_nocn.crt - Move data_files/rsa_single_san_uri.crt.der->data_files/parse_input/rsa_single_san_uri.crt.der - Move data_files/rsa_multiple_san_uri.crt.der->data_files/parse_input/rsa_multiple_san_uri.crt.der - Move data_files/test-ca-any_policy.crt->data_files/parse_input/test-ca-any_policy.crt - Move data_files/test-ca-any_policy_ec.crt->data_files/parse_input/test-ca-any_policy_ec.crt - Move data_files/test-ca-any_policy_with_qualifier.crt->data_files/parse_input/test-ca-any_policy_with_qualifier.crt - Move data_files/test-ca-any_policy_with_qualifier_ec.crt->data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt - Move data_files/test-ca-multi_policy.crt->data_files/parse_input/test-ca-multi_policy.crt - Move data_files/test-ca-multi_policy_ec.crt->data_files/parse_input/test-ca-multi_policy_ec.crt - Move data_files/test-ca-unsupported_policy.crt->data_files/parse_input/test-ca-unsupported_policy.crt - Move data_files/test-ca-unsupported_policy_ec.crt->data_files/parse_input/test-ca-unsupported_policy_ec.crt - Move data_files/server1.ext_ku.crt->data_files/parse_input/server1.ext_ku.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Copy data_files/server3.crt->data_files/parse_input/server3.crt - Move data_files/bitstring-in-dn.pem->data_files/parse_input/bitstring-in-dn.pem - Move data_files/non-ascii-string-in-issuer.crt->data_files/parse_input/non-ascii-string-in-issuer.crt Signed-off-by: Jerry Yu --- .../{ => parse_input}/bitstring-in-dn.pem | 0 .../parse_input/cert_example_multi.crt | 17 ++++ .../parse_input/cert_example_multi_nocn.crt | 13 +++ tests/data_files/parse_input/cert_md5.crt | 20 ++++ tests/data_files/parse_input/cert_sha1.crt | 20 ++++ tests/data_files/parse_input/cert_sha224.crt | 20 ++++ tests/data_files/parse_input/cert_sha256.crt | 20 ++++ tests/data_files/parse_input/cert_sha384.crt | 20 ++++ tests/data_files/parse_input/cert_sha512.crt | 20 ++++ .../parse_input/keyUsage.decipherOnly.crt | 14 +++ tests/data_files/parse_input/multiple_san.crt | 12 +++ .../non-ascii-string-in-issuer.crt | 0 .../rsa_multiple_san_uri.crt.der | Bin .../rsa_single_san_uri.crt.der | Bin .../parse_input/server1.cert_type.crt | 20 ++++ tests/data_files/parse_input/server1.crt | 20 ++++ .../{ => parse_input}/server1.crt.der | Bin .../{ => parse_input}/server1.ext_ku.crt | 0 .../parse_input/server1.key_usage.crt | 20 ++++ tests/data_files/parse_input/server2.crt | 20 ++++ tests/data_files/parse_input/server2.crt.der | Bin 0 -> 827 bytes tests/data_files/parse_input/server3.crt | 17 ++++ tests/data_files/parse_input/server4.crt | 18 ++++ .../parse_input/server5-directoryname.crt.der | Bin 0 -> 498 bytes .../{ => parse_input}/server5-fan.crt | 0 .../server5-nonprintable_othername.crt | 12 +++ .../parse_input/server5-othername.crt | 11 ++ tests/data_files/parse_input/server5-sha1.crt | 14 +++ .../data_files/parse_input/server5-sha224.crt | 14 +++ .../data_files/parse_input/server5-sha384.crt | 14 +++ .../data_files/parse_input/server5-sha512.crt | 14 +++ .../server5-two-directorynames.crt.der | Bin tests/data_files/parse_input/server5.crt | 14 +++ .../data_files/parse_input/server9-sha224.crt | 20 ++++ .../data_files/parse_input/server9-sha256.crt | 20 ++++ .../data_files/parse_input/server9-sha384.crt | 20 ++++ .../data_files/parse_input/server9-sha512.crt | 20 ++++ tests/data_files/parse_input/server9.crt | 19 ++++ .../{ => parse_input}/test-ca-any_policy.crt | 0 .../test-ca-any_policy_ec.crt | 0 .../test-ca-any_policy_with_qualifier.crt | 0 .../test-ca-any_policy_with_qualifier_ec.crt | 0 .../test-ca-multi_policy.crt | 0 .../test-ca-multi_policy_ec.crt | 0 .../test-ca-unsupported_policy.crt | 0 .../test-ca-unsupported_policy_ec.crt | 0 tests/data_files/parse_input/test-ca.crt | 20 ++++ .../{ => parse_input}/test-ca.crt.der | Bin tests/suites/test_suite_x509parse.data | 96 +++++++++--------- 49 files changed, 551 insertions(+), 48 deletions(-) rename tests/data_files/{ => parse_input}/bitstring-in-dn.pem (100%) create mode 100644 tests/data_files/parse_input/cert_example_multi.crt create mode 100644 tests/data_files/parse_input/cert_example_multi_nocn.crt create mode 100644 tests/data_files/parse_input/cert_md5.crt create mode 100644 tests/data_files/parse_input/cert_sha1.crt create mode 100644 tests/data_files/parse_input/cert_sha224.crt create mode 100644 tests/data_files/parse_input/cert_sha256.crt create mode 100644 tests/data_files/parse_input/cert_sha384.crt create mode 100644 tests/data_files/parse_input/cert_sha512.crt create mode 100644 tests/data_files/parse_input/keyUsage.decipherOnly.crt create mode 100644 tests/data_files/parse_input/multiple_san.crt rename tests/data_files/{ => parse_input}/non-ascii-string-in-issuer.crt (100%) rename tests/data_files/{ => parse_input}/rsa_multiple_san_uri.crt.der (100%) rename tests/data_files/{ => parse_input}/rsa_single_san_uri.crt.der (100%) create mode 100644 tests/data_files/parse_input/server1.cert_type.crt create mode 100644 tests/data_files/parse_input/server1.crt rename tests/data_files/{ => parse_input}/server1.crt.der (100%) rename tests/data_files/{ => parse_input}/server1.ext_ku.crt (100%) create mode 100644 tests/data_files/parse_input/server1.key_usage.crt create mode 100644 tests/data_files/parse_input/server2.crt create mode 100644 tests/data_files/parse_input/server2.crt.der create mode 100644 tests/data_files/parse_input/server3.crt create mode 100644 tests/data_files/parse_input/server4.crt create mode 100644 tests/data_files/parse_input/server5-directoryname.crt.der rename tests/data_files/{ => parse_input}/server5-fan.crt (100%) create mode 100644 tests/data_files/parse_input/server5-nonprintable_othername.crt create mode 100644 tests/data_files/parse_input/server5-othername.crt create mode 100644 tests/data_files/parse_input/server5-sha1.crt create mode 100644 tests/data_files/parse_input/server5-sha224.crt create mode 100644 tests/data_files/parse_input/server5-sha384.crt create mode 100644 tests/data_files/parse_input/server5-sha512.crt rename tests/data_files/{ => parse_input}/server5-two-directorynames.crt.der (100%) create mode 100644 tests/data_files/parse_input/server5.crt create mode 100644 tests/data_files/parse_input/server9-sha224.crt create mode 100644 tests/data_files/parse_input/server9-sha256.crt create mode 100644 tests/data_files/parse_input/server9-sha384.crt create mode 100644 tests/data_files/parse_input/server9-sha512.crt create mode 100644 tests/data_files/parse_input/server9.crt rename tests/data_files/{ => parse_input}/test-ca-any_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_with_qualifier.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_with_qualifier_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-multi_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-multi_policy_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-unsupported_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-unsupported_policy_ec.crt (100%) create mode 100644 tests/data_files/parse_input/test-ca.crt rename tests/data_files/{ => parse_input}/test-ca.crt.der (100%) diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/parse_input/bitstring-in-dn.pem similarity index 100% rename from tests/data_files/bitstring-in-dn.pem rename to tests/data_files/parse_input/bitstring-in-dn.pem diff --git a/tests/data_files/parse_input/cert_example_multi.crt b/tests/data_files/parse_input/cert_example_multi.crt new file mode 100644 index 0000000000..0e3295dc71 --- /dev/null +++ b/tests/data_files/parse_input/cert_example_multi.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICojCCAYqgAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNzEwMTEyNzUyWhcNMjkwNzEwMTEyNzUyWjA6MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6W +ElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/ +hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi +/33r/C0CAwEAAaM2MDQwMgYDVR0RBCswKYILZXhhbXBsZS5jb22CC2V4YW1wbGUu +bmV0gg0qLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCJbFizurHz804x +6NbsvsPPgLcESq0OcGOEXOCOe8seZqomhSYTXtHBzrFtRp2/gmtORq2oapoDDiq+ +I+xRLJYsUBut2NdkZmEIRSW4n4sXJwqb0fXTTkd7EAXBvGNWbERab5Sbf84oqd4t +yjjz2u+Hvx8hZCHJG2V9qg3zaw5zJT1AfAsMbjXqi8CfU7U+Fcor+O3GeuUVgpJC +QCXb2Qjj3ZmrCvGZA9x59XtnEN6m2O4pWkmqR/Z7MlQrZzQ80vcQMk9+qoKIr2EJ +RcJhAtE+dLV19IlccwsDlGx5kT5N5zSYLK9nARV1/AjK48bUxGH353A1Y2MCfy0E +dXDReJa1 +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_example_multi_nocn.crt b/tests/data_files/parse_input/cert_example_multi_nocn.crt new file mode 100644 index 0000000000..1634846e1b --- /dev/null +++ b/tests/data_files/parse_input/cert_example_multi_nocn.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV +BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE +BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt +WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz +UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ +81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3 +dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB +ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB +bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm +EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3 +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_md5.crt b/tests/data_files/parse_input/cert_md5.crt new file mode 100644 index 0000000000..e514fd631c --- /dev/null +++ b/tests/data_files/parse_input/cert_md5.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f +M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu +1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw +MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v +4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ +/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC +AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4 +imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/ +QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV +90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF +737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98 +6qG8UAYsSI7aMe1j7DZpkoPL9w== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha1.crt b/tests/data_files/parse_input/cert_sha1.crt new file mode 100644 index 0000000000..1e23585c55 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGzAZBgNVBAMMElBvbGFyU1NMIENlcnQgU0hBMTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J +v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB +Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl +XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk +65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP +cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw +HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD +ggEBAFAHuWfjOp+GaM5dP3NBaUayXmjbrsY5fo/ysfOVV9xipzbPWvE2Bu679iU1 +Eg+5hME9VlMmQejGzG09ReXE+30gyhtO3vWA8U21YrsL3ybvS6EREHGKk238bIBh +yDP/b0VuoNsS3xRn9WyH3TRu5re0vK68OSkLIWPd01fgvcfl6YyUY+WuuSrpYcDv +nrgKvFZws/EE4RNldtRC1Blwy497AtmWBQWs65zj5JkNdNnm4JJqXZAArNh2GSZo +83C/1ZSFrNo9GONsCJ0GVGEt7IK7FPqXYW7rXi30BRse33ziU7RPWGDT13bh9Rdz +RqsoZ5h5VjtHOnMUUD99gIWinBE= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha224.crt b/tests/data_files/parse_input/cert_sha224.crt new file mode 100644 index 0000000000..c8a209d0c3 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha224.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F +AAOCAQEATdo7p7dok8gcxS0dYGluXMOsAEALyHAgvAJSZUt0x8RxemJfpquv4XG/ +rppQmtA5aPf59Fo0z5GcS0zzYFLTQIcLHKnuuG0W6yjhx3e+5J1hjLbv///vvKGN +jq55z+CANkragMk6XQ/t+iXkh/Fq00FS+zbf1JLaMXOLst5dfv3uPQaJHwzX/EaE +VdognXxWudNQgIvemindk9TTQon27zBS/z6nwcBCIXMDfesAjcHuBCfxl6pofK6E +28qs4up/JayptG2CX98LGsEyAgegwTMSYGLJoWcHhrUcbF0fNOcXPgQKGTcZO4Tg +yPYGbkG9FjgaASc2gTrYVPRZ6mY19g== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha256.crt b/tests/data_files/parse_input/cert_sha256.crt new file mode 100644 index 0000000000..e56d428530 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha256.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF +AAOCAQEAuo8kRDdQj3+rgqbz7bS3ZfBVCqgbQfruRZncP0s3IQJ6g7k6BNfCTO+N +tIgnCDhnhjK9DS4l1LTkQJKfcd6sfuwBxjHKWGZUqTqHWFm/O5MJwfMpxI305xXE +evDzh8LK1W3moX5OcT4bx3QsY9I4nqXQkOzjGidxhOXYA2v+X5OhRt3IJ2dzmQQu +BVXnDbzuchUfP5aeCwW6l7VX+RJOE2zlqO5yt0ejT02E44qtC5sBf24V9ko5LORw +1J7Zk34QwsKrSPSGxOuoWNwH3fJpgZQImKgJIQCsksJ+A45CK6iz0km8oTiI3Hoo +2LpE6UNx2M8jiZWVzH1L4tkg4fcCoQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha384.crt b/tests/data_files/parse_input/cert_sha384.crt new file mode 100644 index 0000000000..f8ec10b66d --- /dev/null +++ b/tests/data_files/parse_input/cert_sha384.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF +AAOCAQEAeyHm+emo4/QHqEVKj/MYPOsPrrcr5MupNE7WmoUA7SilVUlceIy8ApWR +MUdwnh7UPkCa6K1yvayknEbHzD2Lv9BLEf5A1/a+F/LmFXiV0kXIFue13u+z7laV +N/s/jphPVgjPwZiC1ZtOoD7WvSkIInB53j4Q3VCH6EpZxZuDO/u8CGBQ0g+9Eqhn +W3+4GFnxUPYeN17u/opt16mEPx6WFbRl9hs5wUvND/FCDEJ/9uVNiVYlPYyHKzzq +e3WXCHLYUKGESQX+85IrnmlwbAb33bM+sAM6naFafXTZEimeEpX3iYrHzhoU7aR7 +piojwAE+Yb3Ac+Hu1fY4CRO4ZHL6Zg== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha512.crt b/tests/data_files/parse_input/cert_sha512.crt new file mode 100644 index 0000000000..b2254fa729 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha512.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F +AAOCAQEABnuq7gMU6EWqcmEcj2/wiqOFUBeH9ro0tni9JZzaDAKkBMwoeJ3RP/59 +wY92UZC/SoWPm0yLK25KTwxJhd645a5ZeRk+yi1SG+oXNgZFS03F1Orat0bM5u94 +RtzLRInGzTxhlVS8HPRya2+nEaPT9YNO25vORczPDjtrI82UnysaWiKx1OCPhdP3 +ZySAkX/zE1U8Te0+948C0vmg2aTWCSk5zutryFgHH5UojmmWAkBHpX3tIm8JMRG9 +tvp6fbIDan0LmSsVK8rq5OPSwAKMso6GF4Iuxou/jP2gI+NutenX26wrffSjlPiW +KksLNj8oL6vIUap28Oh+Gwph02biSQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/keyUsage.decipherOnly.crt b/tests/data_files/parse_input/keyUsage.decipherOnly.crt new file mode 100644 index 0000000000..7c379787a4 --- /dev/null +++ b/tests/data_files/parse_input/keyUsage.decipherOnly.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV +BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t +cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD +VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv +bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4 +6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1 +HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ +CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud +DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH +bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL +tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk +fLtpo9y79XD00QY= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/multiple_san.crt b/tests/data_files/parse_input/multiple_san.crt new file mode 100644 index 0000000000..8cdc730611 --- /dev/null +++ b/tests/data_files/parse_input/multiple_san.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy +bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD +VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 +bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr +BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh +bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS +L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== +-----END CERTIFICATE----- diff --git a/tests/data_files/non-ascii-string-in-issuer.crt b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt similarity index 100% rename from tests/data_files/non-ascii-string-in-issuer.crt rename to tests/data_files/parse_input/non-ascii-string-in-issuer.crt diff --git a/tests/data_files/rsa_multiple_san_uri.crt.der b/tests/data_files/parse_input/rsa_multiple_san_uri.crt.der similarity index 100% rename from tests/data_files/rsa_multiple_san_uri.crt.der rename to tests/data_files/parse_input/rsa_multiple_san_uri.crt.der diff --git a/tests/data_files/rsa_single_san_uri.crt.der b/tests/data_files/parse_input/rsa_single_san_uri.crt.der similarity index 100% rename from tests/data_files/rsa_single_san_uri.crt.der rename to tests/data_files/parse_input/rsa_single_san_uri.crt.der diff --git a/tests/data_files/parse_input/server1.cert_type.crt b/tests/data_files/parse_input/server1.cert_type.crt new file mode 100644 index 0000000000..34fe4f6a40 --- /dev/null +++ b/tests/data_files/parse_input/server1.cert_type.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC +BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t +TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1 +XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx +lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH +iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2 +DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server1.crt b/tests/data_files/parse_input/server1.crt new file mode 100644 index 0000000000..258da5e173 --- /dev/null +++ b/tests/data_files/parse_input/server1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC +AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr +UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw +Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf +gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY +C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2 +nUaulRRpGt/ZTISw6uSIumNoNA== +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.crt.der b/tests/data_files/parse_input/server1.crt.der similarity index 100% rename from tests/data_files/server1.crt.der rename to tests/data_files/parse_input/server1.crt.der diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/parse_input/server1.ext_ku.crt similarity index 100% rename from tests/data_files/server1.ext_ku.crt rename to tests/data_files/parse_input/server1.ext_ku.crt diff --git a/tests/data_files/parse_input/server1.key_usage.crt b/tests/data_files/parse_input/server1.key_usage.crt new file mode 100644 index 0000000000..9d70b0018f --- /dev/null +++ b/tests/data_files/parse_input/server1.key_usage.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw +DQYJKoZIhvcNAQEFBQADggEBAHM8eESmE8CQvuCw2/w1JSWKaU9cJIvrtpJXavRC +yMEv6SQL0hxrNZBhFPM8vAiq6zBdic2HwuiZ9N/iEXuCf92SOcK4b/2/Flos0JI5 +quu4eGkwoNrOvfZUcO7SB8JHUvmJtTP+avF3QeRfHo9bHRtnyOs9GXqq+CMZiNgO +Bw+/tAOml3tV1Uf+yjp6XroWLRNMbvY1Sor4UW6FFMpOii/vlJ4450OlpcJdRU70 +LpHfxjmPNvc9YOPWve75/+CNF9lMi29UoEUYslxMPylZ/L0vYxi+xuvQBTaLiZeP +CJ59Mc63LEmJNSAwnnV8s2KXL/Okm32lf6sy0fjsrvAdoCc= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server2.crt b/tests/data_files/parse_input/server2.crt new file mode 100644 index 0000000000..074519676b --- /dev/null +++ b/tests/data_files/parse_input/server2.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4 +cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A +O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc +KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE +iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp +HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap +Awgk0+4m0T25cNs= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server2.crt.der b/tests/data_files/parse_input/server2.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..9cfa9ab1407b99e7f2937f47a7abf7f297a5c27c GIT binary patch literal 827 zcmXqLVm3EuVv=9L%*4n9L%5h)*oCMkXBRVcEPp4LJ#Bf=mI?25i>mBYX8qY_vPR`=`2)3- zo;e#dY8T#m)${D6%(OlK4zdJoHoLO;*TaovHzpiR+>#b#wn!~_)#{Qs_FBoN+gdl| z7u@8P(e+IG9<5sJ_JX_1Ka*!G!-R*ongr5n*M(?zr&dl}_$cx4SqD#!cNsh%yW1|g z?Z2>Nl_0ZReb@>qITs0j{?_hW-7ayDB#tHNA5ZK36?>!hvwEi{6u~JpTQa5Tn6# zCT2zk#>Kt{-r$In6=q>FU@(vc2BRz=ix`W@Qq~tKJMP?1;13Y;O<0k#-nZL%vVlBE zTA4+{K&(MzOVpF4o9|r;`nL1xvZ?&9?e-l1`yV;Lfyn|G;EW72RhvsJ3gq6uk$H3E z{Cj<+IR)=lEcbtqZfwyc-Mu=^{FZ0QhI30iu8PdOy>4~&{vVlBQtmcb|GV>}#=6DO zMd@40_hXGx2HmS_56@yevH!>m=XKAkA_I=gPU)|;wY{NirvLg&@f?i{61E#+niq3Q zrY^o|WVPqooGLAyKNfz;a-o;(((9IV{+oH_62C`NZ8wvI#F8YJ4rkkgc@G6n8qD%l z{C8^RrcF5#brBolulk9s`ZLw<>f2>0wd>ctnW-_=arJv$o@<(NPP?}1Oikn{R=Rs> z%b_rhll6;dnlbkL+N!Yib^q1{`91nY*P4&MmRPp;N}Y(svX#snDwp4>U9{a`S3_%W5xD%bsWkr=M6pErN#G)@x+$5{}-1U z6dMEqJt`~6;%(r$#GP7BmIax~$0Eie5|FsG{|fuf>rIS2PgCoAlHHaI??a9YW)B7f zS0;sQyF0V=PrLrIP&8TlEv\n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n \n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with uniformResourceIdentifier depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, RSA Certificate Policy any depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate Policy any with qualifier depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any with qualifier depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate multiple Policies depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, ECDSA Certificate multiple Policies depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, RSA Certificate unsupported policy depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, ECDSA Certificate unsupported policy depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, Key Usage + Extended Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" +x509_cert_info:"data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 CRT information RSA signed by EC depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME -x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 From 1c3cfb3ed618359be87181425df19d2d2d0a54fe Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:42 +0800 Subject: [PATCH 367/483] change path of x509parse_crt_file input data - Move data_files/server1_pathlen_int_max.crt->data_files/parse_input/server1_pathlen_int_max.crt - Move data_files/server1_pathlen_int_max-1.crt->data_files/parse_input/server1_pathlen_int_max-1.crt - Copy data_files/server7_int-ca.crt->data_files/parse_input/server7_int-ca.crt - Move data_files/server7_pem_space.crt->data_files/parse_input/server7_pem_space.crt - Move data_files/server7_all_space.crt->data_files/parse_input/server7_all_space.crt - Move data_files/server7_trailing_space.crt->data_files/parse_input/server7_trailing_space.crt - Move data_files/cli-rsa-sha256-badalg.crt.der->data_files/parse_input/cli-rsa-sha256-badalg.crt.der Signed-off-by: Jerry Yu --- .../cli-rsa-sha256-badalg.crt.der | Bin .../server1_pathlen_int_max-1.crt | 0 .../server1_pathlen_int_max.crt | 0 .../{ => parse_input}/server7_all_space.crt | 0 .../data_files/parse_input/server7_int-ca.crt | 47 ++++++++++++++++++ .../{ => parse_input}/server7_pem_space.crt | 0 .../server7_trailing_space.crt | 0 tests/suites/test_suite_x509parse.data | 14 +++--- 8 files changed, 54 insertions(+), 7 deletions(-) rename tests/data_files/{ => parse_input}/cli-rsa-sha256-badalg.crt.der (100%) rename tests/data_files/{ => parse_input}/server1_pathlen_int_max-1.crt (100%) rename tests/data_files/{ => parse_input}/server1_pathlen_int_max.crt (100%) rename tests/data_files/{ => parse_input}/server7_all_space.crt (100%) create mode 100644 tests/data_files/parse_input/server7_int-ca.crt rename tests/data_files/{ => parse_input}/server7_pem_space.crt (100%) rename tests/data_files/{ => parse_input}/server7_trailing_space.crt (100%) diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der similarity index 100% rename from tests/data_files/cli-rsa-sha256-badalg.crt.der rename to tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/parse_input/server1_pathlen_int_max-1.crt similarity index 100% rename from tests/data_files/server1_pathlen_int_max-1.crt rename to tests/data_files/parse_input/server1_pathlen_int_max-1.crt diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/parse_input/server1_pathlen_int_max.crt similarity index 100% rename from tests/data_files/server1_pathlen_int_max.crt rename to tests/data_files/parse_input/server1_pathlen_int_max.crt diff --git a/tests/data_files/server7_all_space.crt b/tests/data_files/parse_input/server7_all_space.crt similarity index 100% rename from tests/data_files/server7_all_space.crt rename to tests/data_files/parse_input/server7_all_space.crt diff --git a/tests/data_files/parse_input/server7_int-ca.crt b/tests/data_files/parse_input/server7_int-ca.crt new file mode 100644 index 0000000000..d3ddc46a8b --- /dev/null +++ b/tests/data_files/parse_input/server7_int-ca.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/server7_pem_space.crt b/tests/data_files/parse_input/server7_pem_space.crt similarity index 100% rename from tests/data_files/server7_pem_space.crt rename to tests/data_files/parse_input/server7_pem_space.crt diff --git a/tests/data_files/server7_trailing_space.crt b/tests/data_files/parse_input/server7_trailing_space.crt similarity index 100% rename from tests/data_files/server7_trailing_space.crt rename to tests/data_files/parse_input/server7_trailing_space.crt diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 351ba2f70c..0645ecdf1f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2027,11 +2027,11 @@ x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b05003 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH +x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 CRT ASN1 (pathlen is INT_MAX-1) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0 +x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max-1.crt":0 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 @@ -3059,23 +3059,23 @@ mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type X509 File parse (no issues) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_int-ca.crt":0 +x509parse_crt_file:"data_files/parse_input/server7_int-ca.crt":0 X509 File parse (extra space in one certificate) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_pem_space.crt":1 +x509parse_crt_file:"data_files/parse_input/server7_pem_space.crt":1 X509 File parse (all certificates fail) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER +x509parse_crt_file:"data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER X509 File parse (trailing spaces, OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_trailing_space.crt":0 +x509parse_crt_file:"data_files/parse_input/server7_trailing_space.crt":0 X509 File parse (Algorithm Params Tag mismatch) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH +x509parse_crt_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C From e8e7bbb59d663f34b42ec16b39173bc1c125a4c2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:43 +0800 Subject: [PATCH 368/483] change path of x509_parse_san input data - Move data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Move data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Move data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-directoryname-seq-malformed.crt.der->data_files/parse_input/server5-directoryname-seq-malformed.crt.der - Move data_files/server5-second-directoryname-oid-malformed.crt.der->data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Move data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Move data_files/server5-unsupported_othername.crt->data_files/parse_input/server5-unsupported_othername.crt - Move data_files/test_cert_rfc822name.crt.der->data_files/parse_input/test_cert_rfc822name.crt.der Signed-off-by: Jerry Yu --- tests/data_files/multiple_san.crt | 12 ----------- ...erver5-directoryname-seq-malformed.crt.der | Bin ...second-directoryname-oid-malformed.crt.der | Bin .../server5-unsupported_othername.crt | 0 .../test_cert_rfc822name.crt.der | Bin .../data_files/server5-directoryname.crt.der | Bin 498 -> 0 bytes .../server5-nonprintable_othername.crt | 12 ----------- tests/data_files/server5-othername.crt | 11 ---------- tests/suites/test_suite_x509parse.data | 20 +++++++++--------- 9 files changed, 10 insertions(+), 45 deletions(-) delete mode 100644 tests/data_files/multiple_san.crt rename tests/data_files/{ => parse_input}/server5-directoryname-seq-malformed.crt.der (100%) rename tests/data_files/{ => parse_input}/server5-second-directoryname-oid-malformed.crt.der (100%) rename tests/data_files/{ => parse_input}/server5-unsupported_othername.crt (100%) rename tests/data_files/{ => parse_input}/test_cert_rfc822name.crt.der (100%) delete mode 100644 tests/data_files/server5-directoryname.crt.der delete mode 100644 tests/data_files/server5-nonprintable_othername.crt delete mode 100644 tests/data_files/server5-othername.crt diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/multiple_san.crt deleted file mode 100644 index 8cdc730611..0000000000 --- a/tests/data_files/multiple_san.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy -bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD -VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 -bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 -zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI -wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr -BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh -bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS -L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== ------END CERTIFICATE----- diff --git a/tests/data_files/server5-directoryname-seq-malformed.crt.der b/tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der similarity index 100% rename from tests/data_files/server5-directoryname-seq-malformed.crt.der rename to tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der diff --git a/tests/data_files/server5-second-directoryname-oid-malformed.crt.der b/tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der similarity index 100% rename from tests/data_files/server5-second-directoryname-oid-malformed.crt.der rename to tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/parse_input/server5-unsupported_othername.crt similarity index 100% rename from tests/data_files/server5-unsupported_othername.crt rename to tests/data_files/parse_input/server5-unsupported_othername.crt diff --git a/tests/data_files/test_cert_rfc822name.crt.der b/tests/data_files/parse_input/test_cert_rfc822name.crt.der similarity index 100% rename from tests/data_files/test_cert_rfc822name.crt.der rename to tests/data_files/parse_input/test_cert_rfc822name.crt.der diff --git a/tests/data_files/server5-directoryname.crt.der b/tests/data_files/server5-directoryname.crt.der deleted file mode 100644 index 4badea1a279ff3e58a340bdafe353563bb93355e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 498 zcmXqLVti-N#5iREGZP~d6Qi#I7aNCGo5wj@7G@>`S3_%W5xD%bsWkr=M6pErN#G)@x+$5{}-1U z6dMEqJt`~6;%(r$#GP7BmIax~$0Eie5|FsG{|fuf>rIS2PgCoAlHHaI??a9YW)B7f zS0;sQyF0V=PrLrIP&8TlEv Date: Mon, 29 May 2023 17:28:44 +0800 Subject: [PATCH 369/483] change path of mbedtls_x509_csr_info input data - Copy data_files/server1.req.md5->data_files/parse_input/server1.req.md5 - Copy data_files/server1.req.sha1->data_files/parse_input/server1.req.sha1 - Copy data_files/server1.req.sha224->data_files/parse_input/server1.req.sha224 - Copy data_files/server1.req.sha256->data_files/parse_input/server1.req.sha256 - Copy data_files/server1.req.sha384->data_files/parse_input/server1.req.sha384 - Copy data_files/server1.req.sha512->data_files/parse_input/server1.req.sha512 - Move data_files/server1.req.commas.sha256->data_files/parse_input/server1.req.commas.sha256 - Move data_files/server5.req.sha1->data_files/parse_input/server5.req.sha1 - Move data_files/server5.req.sha224->data_files/parse_input/server5.req.sha224 - Move data_files/server5.req.sha256->data_files/parse_input/server5.req.sha256 - Move data_files/server5.req.sha384->data_files/parse_input/server5.req.sha384 - Move data_files/server5.req.sha512->data_files/parse_input/server5.req.sha512 - Move data_files/server9.req.sha1->data_files/parse_input/server9.req.sha1 - Move data_files/server9.req.sha224->data_files/parse_input/server9.req.sha224 - Move data_files/server9.req.sha256->data_files/parse_input/server9.req.sha256 - Move data_files/server9.req.sha384->data_files/parse_input/server9.req.sha384 - Move data_files/server9.req.sha512->data_files/parse_input/server9.req.sha512 - Move data_files/server1-ms.req.sha256->data_files/parse_input/server1-ms.req.sha256 - Move data_files/test_csr_v3_all.csr.der->data_files/parse_input/test_csr_v3_all.csr.der - Move data_files/test_csr_v3_nsCertType.csr.der->data_files/parse_input/test_csr_v3_nsCertType.csr.der - Move data_files/test_csr_v3_subjectAltName.csr.der->data_files/parse_input/test_csr_v3_subjectAltName.csr.der - Move data_files/test_csr_v3_keyUsage.csr.der->data_files/parse_input/test_csr_v3_keyUsage.csr.der Signed-off-by: Jerry Yu --- .../{ => parse_input}/server1-ms.req.sha256 | 0 .../server1.req.commas.sha256 | 0 tests/data_files/parse_input/server1.req.md5 | 16 +++++++ tests/data_files/parse_input/server1.req.sha1 | 16 +++++++ .../data_files/parse_input/server1.req.sha224 | 16 +++++++ .../data_files/parse_input/server1.req.sha256 | 16 +++++++ .../data_files/parse_input/server1.req.sha384 | 16 +++++++ .../data_files/parse_input/server1.req.sha512 | 16 +++++++ .../{ => parse_input}/server5.req.sha1 | 0 .../{ => parse_input}/server5.req.sha224 | 0 .../{ => parse_input}/server5.req.sha256 | 0 .../{ => parse_input}/server5.req.sha384 | 0 .../{ => parse_input}/server5.req.sha512 | 0 .../{ => parse_input}/server9.req.sha1 | 0 .../{ => parse_input}/server9.req.sha224 | 0 .../{ => parse_input}/server9.req.sha256 | 0 .../{ => parse_input}/server9.req.sha384 | 0 .../{ => parse_input}/server9.req.sha512 | 0 .../{ => parse_input}/test_csr_v3_all.csr.der | Bin .../test_csr_v3_keyUsage.csr.der | Bin .../test_csr_v3_nsCertType.csr.der | Bin .../test_csr_v3_subjectAltName.csr.der | Bin tests/suites/test_suite_x509parse.data | 44 +++++++++--------- 23 files changed, 118 insertions(+), 22 deletions(-) rename tests/data_files/{ => parse_input}/server1-ms.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server1.req.commas.sha256 (100%) create mode 100644 tests/data_files/parse_input/server1.req.md5 create mode 100644 tests/data_files/parse_input/server1.req.sha1 create mode 100644 tests/data_files/parse_input/server1.req.sha224 create mode 100644 tests/data_files/parse_input/server1.req.sha256 create mode 100644 tests/data_files/parse_input/server1.req.sha384 create mode 100644 tests/data_files/parse_input/server1.req.sha512 rename tests/data_files/{ => parse_input}/server5.req.sha1 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha224 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha384 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha512 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha1 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha224 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha384 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha512 (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_keyUsage.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_nsCertType.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_subjectAltName.csr.der (100%) diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/parse_input/server1-ms.req.sha256 similarity index 100% rename from tests/data_files/server1-ms.req.sha256 rename to tests/data_files/parse_input/server1-ms.req.sha256 diff --git a/tests/data_files/server1.req.commas.sha256 b/tests/data_files/parse_input/server1.req.commas.sha256 similarity index 100% rename from tests/data_files/server1.req.commas.sha256 rename to tests/data_files/parse_input/server1.req.commas.sha256 diff --git a/tests/data_files/parse_input/server1.req.md5 b/tests/data_files/parse_input/server1.req.md5 new file mode 100644 index 0000000000..57714ede37 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.md5 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA +A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K +x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3 +j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6 +q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN +lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY +aozIzO82R3Em7aPhZBiBDy3wZC2l +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha1 b/tests/data_files/parse_input/server1.req.sha1 new file mode 100644 index 0000000000..578ec7f79a --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha1 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY +pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf +XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9 +LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz +dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7 +EDR6rim6sbIQkGzYvGqs4TNoJOR+ +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha224 b/tests/data_files/parse_input/server1.req.sha224 new file mode 100644 index 0000000000..a4f2af4c1d --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha224 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA +A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb +U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3 +xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ +7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG +iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l +A5NYVgvqHFQPmuXS92zrGzB788pV +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha256 b/tests/data_files/parse_input/server1.req.sha256 new file mode 100644 index 0000000000..6d21dc5d94 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu ++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA +W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3 +PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv +vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts// +M6c/sRw7gtjXmV0zq2tf2fL4+e2b +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha384 b/tests/data_files/parse_input/server1.req.sha384 new file mode 100644 index 0000000000..b857af7f15 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha384 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA +A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3 +2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF +4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy +cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu +lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6 +ZI+j4uwikOgGO9gcx4IjaRP3q63F +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha512 b/tests/data_files/parse_input/server1.req.sha512 new file mode 100644 index 0000000000..85d52460db --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha512 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA +A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+ +CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F +XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1 +uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs +Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW +BrwaO8q8rg+C+xvMY7858Kk8kwjb +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server5.req.sha1 b/tests/data_files/parse_input/server5.req.sha1 similarity index 100% rename from tests/data_files/server5.req.sha1 rename to tests/data_files/parse_input/server5.req.sha1 diff --git a/tests/data_files/server5.req.sha224 b/tests/data_files/parse_input/server5.req.sha224 similarity index 100% rename from tests/data_files/server5.req.sha224 rename to tests/data_files/parse_input/server5.req.sha224 diff --git a/tests/data_files/server5.req.sha256 b/tests/data_files/parse_input/server5.req.sha256 similarity index 100% rename from tests/data_files/server5.req.sha256 rename to tests/data_files/parse_input/server5.req.sha256 diff --git a/tests/data_files/server5.req.sha384 b/tests/data_files/parse_input/server5.req.sha384 similarity index 100% rename from tests/data_files/server5.req.sha384 rename to tests/data_files/parse_input/server5.req.sha384 diff --git a/tests/data_files/server5.req.sha512 b/tests/data_files/parse_input/server5.req.sha512 similarity index 100% rename from tests/data_files/server5.req.sha512 rename to tests/data_files/parse_input/server5.req.sha512 diff --git a/tests/data_files/server9.req.sha1 b/tests/data_files/parse_input/server9.req.sha1 similarity index 100% rename from tests/data_files/server9.req.sha1 rename to tests/data_files/parse_input/server9.req.sha1 diff --git a/tests/data_files/server9.req.sha224 b/tests/data_files/parse_input/server9.req.sha224 similarity index 100% rename from tests/data_files/server9.req.sha224 rename to tests/data_files/parse_input/server9.req.sha224 diff --git a/tests/data_files/server9.req.sha256 b/tests/data_files/parse_input/server9.req.sha256 similarity index 100% rename from tests/data_files/server9.req.sha256 rename to tests/data_files/parse_input/server9.req.sha256 diff --git a/tests/data_files/server9.req.sha384 b/tests/data_files/parse_input/server9.req.sha384 similarity index 100% rename from tests/data_files/server9.req.sha384 rename to tests/data_files/parse_input/server9.req.sha384 diff --git a/tests/data_files/server9.req.sha512 b/tests/data_files/parse_input/server9.req.sha512 similarity index 100% rename from tests/data_files/server9.req.sha512 rename to tests/data_files/parse_input/server9.req.sha512 diff --git a/tests/data_files/test_csr_v3_all.csr.der b/tests/data_files/parse_input/test_csr_v3_all.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all.csr.der rename to tests/data_files/parse_input/test_csr_v3_all.csr.der diff --git a/tests/data_files/test_csr_v3_keyUsage.csr.der b/tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_keyUsage.csr.der rename to tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der diff --git a/tests/data_files/test_csr_v3_nsCertType.csr.der b/tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_nsCertType.csr.der rename to tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der diff --git a/tests/data_files/test_csr_v3_subjectAltName.csr.der b/tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_subjectAltName.csr.der rename to tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3eed78bdd4..d7dba7d374 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -312,91 +312,91 @@ mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 X509 CSR Information RSA with MD5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256, containing commas depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO -mbedtls_x509_csr_info:"data_files/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA224 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA256 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA384 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA512 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA with SHA-256 - Microsoft header depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information v3 extensions #1 (all) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" X509 CSR Information v3 extensions #2 (nsCertType only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n" X509 CSR Information v3 extensions #3 (subjectAltName only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CSR Information v3 extensions #4 (keyUsage only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" X509 Verify Information: empty x509_verify_info:0:"":"" From 87f647776b0634b92ec99f955b7576290da07525 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:45 +0800 Subject: [PATCH 370/483] change path of mbedtls_x509_csr_parse_file input data - Move data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der - Move data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der - Move data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der - Move data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der->data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der - Move data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der Signed-off-by: Jerry Yu --- ...ormed_attributes_extension_request.csr.der | Bin ...es_extension_request_sequence_len1.csr.der | Bin ...es_extension_request_sequence_len2.csr.der | Bin ...tes_extension_request_sequence_tag.csr.der | Bin ...tributes_extension_request_set_tag.csr.der | Bin ...v3_all_malformed_attributes_id_tag.csr.der | Bin ...r_v3_all_malformed_attributes_len1.csr.der | Bin ...r_v3_all_malformed_attributes_len2.csr.der | Bin ..._malformed_attributes_sequence_tag.csr.der | Bin ...all_malformed_duplicated_extension.csr.der | Bin ..._all_malformed_extension_data_len1.csr.der | Bin ..._all_malformed_extension_data_len2.csr.der | Bin ...3_all_malformed_extension_data_tag.csr.der | Bin ..._v3_all_malformed_extension_id_tag.csr.der | Bin ..._extension_key_usage_bitstream_tag.csr.der | Bin ...ed_extension_ns_cert_bitstream_tag.csr.der | Bin ...sion_subject_alt_name_sequence_tag.csr.der | Bin ...3_all_malformed_extension_type_oid.csr.der | Bin ..._malformed_extensions_sequence_tag.csr.der | Bin tests/suites/test_suite_x509parse.data | 38 +++++++++--------- 20 files changed, 19 insertions(+), 19 deletions(-) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_id_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_duplicated_extension.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_id_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_type_oid.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der (100%) diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d7dba7d374..f49486dafb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2983,79 +2983,79 @@ mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSIO # Please see makefile for data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files) X509 CSR ASN.1 (attributes: invalid sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid attribute id) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: not extension request) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0 +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0 X509 CSR ASN.1 (attributes: invalid extenstion request set tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (attributes: invalid len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (attributes: extension request invalid len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (attributes: extension request invalid len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extensions: invalid sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension id tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension data tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension data len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extensions: invalid extension data len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: duplicated extension) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA X509 CSR ASN.1 (extensions: invalid extension type data) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0 +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0 X509 File parse (no issues) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C From bffe31cbfb688653135ed946b333276fa1d1ad18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:45 +0800 Subject: [PATCH 371/483] change path of mbedtls_x509_crl_parse input data - Move data_files/crl-malformed-trailing-spaces.pem->data_files/parse_input/crl-malformed-trailing-spaces.pem - Move data_files/crl-idp.pem->data_files/parse_input/crl-idp.pem - Move data_files/crl-idpnc.pem->data_files/parse_input/crl-idpnc.pem Signed-off-by: Jerry Yu --- tests/data_files/{ => parse_input}/crl-idp.pem | 0 tests/data_files/{ => parse_input}/crl-idpnc.pem | 0 .../{ => parse_input}/crl-malformed-trailing-spaces.pem | 0 tests/suites/test_suite_x509parse.data | 6 +++--- 4 files changed, 3 insertions(+), 3 deletions(-) rename tests/data_files/{ => parse_input}/crl-idp.pem (100%) rename tests/data_files/{ => parse_input}/crl-idpnc.pem (100%) rename tests/data_files/{ => parse_input}/crl-malformed-trailing-spaces.pem (100%) diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/parse_input/crl-idp.pem similarity index 100% rename from tests/data_files/crl-idp.pem rename to tests/data_files/parse_input/crl-idp.pem diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/parse_input/crl-idpnc.pem similarity index 100% rename from tests/data_files/crl-idpnc.pem rename to tests/data_files/parse_input/crl-idpnc.pem diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem similarity index 100% rename from tests/data_files/crl-malformed-trailing-spaces.pem rename to tests/data_files/parse_input/crl-malformed-trailing-spaces.pem diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f49486dafb..c67d01d128 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -300,15 +300,15 @@ mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_VERIFY -mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT +mbedtls_x509_crl_parse:"data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT X509 CRL Unsupported critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crl_parse:"data_files/parse_input/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL Unsupported non-critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 +mbedtls_x509_crl_parse:"data_files/parse_input/crl-idpnc.pem":0 X509 CSR Information RSA with MD5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO From 491c64cd37870f85f4103a28b2aae638142f1739 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 10:33:42 +0800 Subject: [PATCH 372/483] Mark all_intermediate as intermediate files Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3d2d5dccd5..d1aa3ce650 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1602,3 +1602,5 @@ clean: neat: clean rm -f $(all_final) .PHONY: clean neat + +.INTERMEDIATE: $(all_intermediate) From 6f804693e5709a2e61953914b40b757acdd01df8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 8 May 2023 14:34:22 +0800 Subject: [PATCH 373/483] Fix wrong target names in the Makefile in tests/data_files Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d1aa3ce650..3345237b65 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1519,17 +1519,17 @@ all_final += pkcs7_data_signed_badsigner1_fuzzbad.der pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badsize +all_final += pkcs7_data_signed_badsigner2_badsize.der pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badtag +all_final += pkcs7_data_signed_badsigner2_badtag.der pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_fuzzbad +all_final += pkcs7_data_signed_badsigner2_fuzzbad.der # pkcs7 file with version 2 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der From cd61b740c581d88b13de0fcd8b03955f24590a54 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 9 May 2023 12:04:56 +0800 Subject: [PATCH 374/483] Add rules to generate server3.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3345237b65..d1dafe043d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1324,6 +1324,12 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt +# server3* + +server3.crt: server3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +all_final += server3.crt + # MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) From f31d18a52bd60285e919809c247d33f402fb0d84 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 10 May 2023 09:26:41 +0800 Subject: [PATCH 375/483] Add rules to generate server4.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d1dafe043d..1af31321ac 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1330,6 +1330,12 @@ server3.crt: server3.key $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ all_final += server3.crt +# server4* + +server4.crt: server4.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ +all_final += server4.crt + # MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) From 543d912495716bd4499af7845e48b154f8d3d7db Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 23 May 2023 11:54:11 +0800 Subject: [PATCH 376/483] Update server3.crt and server4.crt Signed-off-by: Pengyu Lv --- tests/data_files/server3.crt | 26 ++++++++++++-------------- tests/data_files/server4.crt | 31 +++++++++++++++---------------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt index ed0d696b4a..46987c3ef2 100644 --- a/tests/data_files/server3.crt +++ b/tests/data_files/server3.crt @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +MIICXDCCAUSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5 -fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ -OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/ -pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ -b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W -4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm -DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx -CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS -qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb -kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu -CAQ1sXmQ +fQcsej6EFasvlTdJ/6NNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU5BdrNrIGiTrZ +XkO24GR9h6t93jcwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJ +KoZIhvcNAQEFBQADggEBAKSCuGCXcpDrVwRVgHVlUsxACRDUH2QirsLFAUk1CGsR +SniBgWi+5KGK8fd3Tf+GkVeIZocaf7tnKm0YJg8W5QPDnwrMD2L1SjYFgc7r1G4f +579FOo0qRKdJabTV0e022XFyN77JJHAm8RkjZEnzUuW7k8/RohY8NBzh+KACyHOi +96DhGsBp9LG6QIKB1rxiNx4wq3WUygaMgImoaDRqgAFxJjwRBEhcsWtU2AmoOKdO +hzQp+EzEjn04+ScJpMzMF4FY+kLaz9PlvEO61aQuZsC2fUmk+M6q8xcBNEdoFNvv +0cOl5Liuewb32srAZWCMpbHFxaT9Nd3TxJwFxFCJpvc= -----END CERTIFICATE----- diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt index 96b1aa7729..2b4134d66c 100644 --- a/tests/data_files/server4.crt +++ b/tests/data_files/server4.crt @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL -vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA -Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl -NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5 -bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0 -d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME -ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP -BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA -wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/ -O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z -3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc +MIICnTCCAiGgAwIBAgIBCDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMDQxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1g +Mku+BhiPm7EPEscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQS +k8AiT0bC76+DsZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7 +smU2fFHVdCVtvIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+ +p7lu3QrfSGXU3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ +9fR3x2NMz64dOjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABo00wSzAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTAfBgNVHSME +GDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDB +ek00E3uHPwnUDBVAPRJThsj2mQr/MSCTwRMNXnNlki9Lux0qGd6uvhp5v31I7V0C +MDiCHwEm55sU4gWrAxYVKVVV9qMTG2Moy4YnJDDlxwpyXPta5Ac2FV+0AbInBXSM +Bg== -----END CERTIFICATE----- From b7b40b494d78d36e27647a7f321244fa17236140 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 23 Apr 2023 17:49:39 +0800 Subject: [PATCH 377/483] Add rules to generate server5[-badsign].crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 13 +++++++++++++ tests/data_files/server5.crt.openssl.v3_ext | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 tests/data_files/server5.crt.openssl.v3_ext diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1af31321ac..7e1d94b771 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1173,6 +1173,19 @@ all_final += server2.key.enc # server5* +server5.csr: server5.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server5.csr +server5.crt: server5.csr + $(OPENSSL) x509 -req -CA $(test_ca_crt_cat21) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 -sha256 -in $< -out $@ +all_final += server5.crt + +server5-badsign.crt: server5.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += server5-badsign.crt + # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' server5.req.ku.sha1: server5.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 diff --git a/tests/data_files/server5.crt.openssl.v3_ext b/tests/data_files/server5.crt.openssl.v3_ext new file mode 100644 index 0000000000..594e90ad09 --- /dev/null +++ b/tests/data_files/server5.crt.openssl.v3_ext @@ -0,0 +1,3 @@ +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always From 460b6cf0ba7ec2a962a466a1e50f30b042c39caf Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 24 Apr 2023 17:03:15 +0800 Subject: [PATCH 378/483] Add server5-der*crt generate command Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7e1d94b771..5366b972c6 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -348,6 +348,30 @@ server5-directoryname.crt.der: server5.key server5-two-directorynames.crt.der: server5.key $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@ +server5-der0.crt: server5.crt.der + cp $< $@ +server5-der1a.crt: server5.crt.der + cp $< $@ + echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der1b.crt: server5.crt.der + cp $< $@ + echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der2.crt: server5.crt.der + cp $< $@ + echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der4.crt: server5.crt.der + cp $< $@ + echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der8.crt: server5.crt.der + cp $< $@ + echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der9.crt: server5.crt.der + cp $< $@ + echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ + server5-der9.crt server5-der1a.crt server5-der2.crt \ + server5-der8.crt + # directoryname sequence tag malformed server5-directoryname-seq-malformed.crt.der: server5-two-directorynames.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@ From 540b0220a09b994c43755283aa46260b1a58e3a9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 12 May 2023 16:31:26 +0800 Subject: [PATCH 379/483] Add rules to generate server5-sha*.crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 5366b972c6..9a290b5857 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1201,10 +1201,14 @@ server5.csr: server5.key $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ -key $< -out $@ all_intermediate += server5.csr -server5.crt: server5.csr - $(OPENSSL) x509 -req -CA $(test_ca_crt_cat21) -CAkey $(test_ca_key_file_ec) \ - -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 -sha256 -in $< -out $@ -all_final += server5.crt +server5.crt: server5-sha256.crt + cp $< $@ +all_intermediate += server5-sha256.crt +server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \ + -sha$(@:server5-sha%.crt=%) -in $< -out $@ +all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt server5-badsign.crt: server5.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ From 964ddb5cb4568d2eeee7997b112d538c3bbb679e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 May 2023 13:46:38 +0800 Subject: [PATCH 380/483] Add rules to generate server6.crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 9a290b5857..b95d1f64f9 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1219,6 +1219,17 @@ server5.req.ku.sha1: server5.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server5.req.ku.sha1 +# server6* + +server6.csr: server6.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server6.csr +server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@ +all_final += server6.crt + ################################################################ ### Generate certificates for CRT write check tests ################################################################ From 2d5e6aecdf36e6563e35faf1a64894220ff9d43e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 16:27:26 +0800 Subject: [PATCH 381/483] Add rules to generate server7*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index b95d1f64f9..3b7da60e44 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -271,23 +271,60 @@ cli-rsa.key.der: $(cli_crt_key_file_rsa) all_final += cli-rsa.key.der test_ca_int_rsa1 = test-int-ca.crt +test_ca_int_ec = test-int-ca2.crt + +# server7* server7.csr: server7.key $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ all_intermediate += server7.csr + +server7.crt: server7.csr $(test_ca_int_rsa1) + $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ +all_final += server7.crt + server7-expired.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-expired.crt + server7-future.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-future.crt + server7-badsign.crt: server7.crt $(test_ca_int_rsa1) { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ all_final += server7-badsign.crt + +server7_int-ca.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) > $@ +all_final += server7_int-ca.crt + +server7_pem_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@ +all_final += server7_pem_space.crt + +server7_all_space.crt: server7.crt $(test_ca_int_rsa1) + { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@ +all_final += server7_all_space.crt + +server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@ +all_final += server7_trailing_space.crt + +server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) + cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@ +all_final += server7_int-ca_ca2.crt + server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt cat server7.crt test-int-ca-exp.crt > $@ all_final += server7_int-ca-exp.crt +server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ +all_final += server7_spurious_int-ca.crt + +server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt + cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1648,6 +1685,7 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all +.PHONY: server7_all # These files should not be committed to the repository. list_intermediate: From 44c42fe30353e095c0df8a4f04e50cfe93adcc55 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 17:52:09 +0800 Subject: [PATCH 382/483] Add rules to generate server8*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3b7da60e44..e5cbbee52d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -272,6 +272,7 @@ all_final += cli-rsa.key.der test_ca_int_rsa1 = test-int-ca.crt test_ca_int_ec = test-int-ca2.crt +test_ca_int_key_file_ec = test-int-ca2.key # server7* @@ -325,6 +326,18 @@ all_final += server7_spurious_int-ca.crt server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt +# server8* + +server8.crt: server8.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ +all_final += server8.crt + +server8_int-ca2.crt: server8.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server8_int-ca2.crt + +server8_all: server8.crt server8_int-ca2.crt + cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1686,6 +1699,7 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all .PHONY: server7_all +.PHONY: server8_all # These files should not be committed to the repository. list_intermediate: From 309d434f940a04e56b2eb2232845503d3912d3c6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 15 May 2023 11:07:55 +0800 Subject: [PATCH 383/483] Add rules to generate server10*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index e5cbbee52d..6fe3fbc759 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -438,18 +438,33 @@ rsa_single_san_uri.crt.der: rsa_single_san_uri.key rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" +test-int-ca3-badsign.crt: test-int-ca3.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += test-int-ca3-badsign.crt + +# server10* + +server10.crt: server10.key test-int-ca3.crt test-int-ca3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key subject_identifier=0 authority_identifier=0 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ +all_final += server10.crt server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt cat server10-badsign.crt test-int-ca3.crt > $@ all_final += server10-bs_int3.pem -test-int-ca3-badsign.crt: test-int-ca3.crt - { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ -all_final += test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt cat server10.crt test-int-ca3-badsign.crt > $@ all_final += server10_int3-bs.pem +server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_int-ca2.crt +server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) + cat $^ > $@ +all_final += server10_int3_int-ca2_ca.crt +server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_spurious_int-ca2.crt rsa_pkcs1_2048_public.pem: server8.key $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ From 467deeffbba0e20daa8d820b58ee91e9efb00b1d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 12:04:50 +0800 Subject: [PATCH 384/483] Add rules to generate test-ca2_cat-*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 6fe3fbc759..80da98273c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -171,7 +171,28 @@ all_intermediate += test-ca2.req.sha256 test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ -all_final += test-ca.crt +all_final += test-ca2.crt + +test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ +all_intermediate += test-ca2-future.crt + +test_ca_ec_cat := # files that concatenate different crt +test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt +test_ca_ec_cat += test-ca2_cat-future-invalid.crt +test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-future-present.crt +test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt +test_ca_ec_cat += test-ca2_cat-present-future.crt +test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt +test_ca_ec_cat += test-ca2_cat-present-past.crt +test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt +test_ca_ec_cat += test-ca2_cat-past-invalid.crt +test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-past-present.crt +$(test_ca_ec_cat): + cat $^ > $@ +all_final += $(test_ca_ec_cat) test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ From 0f704b094b9a730b9fa56aa85e72a24f585a0323 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 23 May 2023 17:40:25 +0800 Subject: [PATCH 385/483] Update server5[-der*|-sha*].crt Signed-off-by: Pengyu Lv --- tests/data_files/server5-badsign.crt | 18 +++++++++--------- tests/data_files/server5-der0.crt | Bin 547 -> 548 bytes tests/data_files/server5-der1a.crt | Bin 548 -> 549 bytes tests/data_files/server5-der1b.crt | Bin 548 -> 549 bytes tests/data_files/server5-der2.crt | Bin 549 -> 550 bytes tests/data_files/server5-der4.crt | Bin 551 -> 552 bytes tests/data_files/server5-der8.crt | Bin 555 -> 556 bytes tests/data_files/server5-der9.crt | Bin 556 -> 557 bytes tests/data_files/server5-sha1.crt | 18 +++++++++--------- tests/data_files/server5-sha224.crt | 18 +++++++++--------- tests/data_files/server5-sha384.crt | 18 +++++++++--------- tests/data_files/server5-sha512.crt | 18 +++++++++--------- tests/data_files/server5.crt | 18 +++++++++--------- tests/data_files/server5.crt.der | Bin 547 -> 548 bytes 14 files changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt index 0c65072330..b641f70196 100644 --- a/tests/data_files/server5-badsign.crt +++ b/tests/data_files/server5-badsign.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S -C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V -fGa5kHvHARBPc8YAIVIqDvHH1A== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ +qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN +06jC+BLgOH1KQV9ArqEh3AhOhE0= -----END CERTIFICATE----- diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt index 08d8dd311b525fd51171a1019ad3194dad91580a..1e0a00894d5bfae4e3fb4be83c5dedc703b6b739 100644 GIT binary patch delta 246 zcmZ3?vV?`jpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRkW908{u?mjD0& delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRju^093hFSO5S3 delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-G zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh N74LBPwRr600syUMR$Tx9 delta 247 zcmZ3+vXq6zpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)c0syp!Q;`4w diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt index 4af05cce1ed05ea02e9fac3fed3a0904b44799b0..4ceed41c496a286d6d7ae2c225d0f6376618d770 100644 GIT binary patch delta 250 zcmZ3^vVw)hpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-H zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh P74LBPwRkKSm=X^FU_w_) delta 249 zcmZ3%vYds*povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3w-I zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh T74LBPwRkL9{$E|KY85{K&c)05NUiic84ia9bw#G3pd% zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd& zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh U74LBPwRoKWVPIVLe@T@l053UOl>h($ delta 254 zcmZ3>vWA7lpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)c Date: Tue, 30 May 2023 12:51:49 +0200 Subject: [PATCH 386/483] Revert "Handle simple copy import/export before driver dispatch" This reverts commit c80e7506a0666cc1469a109140abb5bfbe566bd7. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 58 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ec23830a2e..acb39a1bcf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -634,6 +634,23 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + if (PSA_KEY_TYPE_IS_DH(type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Copy the key material. */ + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + (void) key_buffer_size; + + return PSA_SUCCESS; + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1403,7 +1420,14 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && + (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type))) { + /* Exporting public -> public */ + return psa_export_key_buffer_internal( + key_buffer, key_buffer_size, + data, data_size, data_length); + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1489,23 +1513,9 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime(&attributes)); - - if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && - PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && - (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || - PSA_KEY_TYPE_IS_DH(slot->attr.type))) { - /* Exporting public -> public */ - status = psa_export_key_buffer_internal( - slot->key.data, slot->key.bytes, - data, data_size, data_length); - } else { - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); - } + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); exit: unlock_status = psa_unlock_key_slot(slot); @@ -2000,27 +2010,12 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && - PSA_KEY_TYPE_IS_DH(attributes->core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, data_length); - bits = PSA_BYTES_TO_BITS(data_length); - - status = PSA_SUCCESS; - } else { - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } - + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (status != PSA_SUCCESS) { goto exit; } @@ -5835,25 +5830,11 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && - PSA_KEY_TYPE_IS_DH(attributes.core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, bytes); - bits = PSA_BYTES_TO_BITS(bytes); - - status = PSA_SUCCESS; - } else { - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From 33c91eb5d33ec56943e1e4f1c5ac720e9372322d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 30 May 2023 15:16:35 +0200 Subject: [PATCH 387/483] Add driver support for DH import key and export public key Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 13 +++----- library/psa_crypto_ffdh.c | 31 ++++++++++++++++++- library/psa_crypto_ffdh.h | 29 +++++++++++++++++ .../src/drivers/test_driver_key_management.c | 18 ++++++++++- 4 files changed, 81 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index acb39a1bcf..dc383bca31 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,14 +640,11 @@ psa_status_t psa_import_key_into_slot( if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; + return mbedtls_psa_ffdh_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index db30a89533..4550a72b96 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -134,7 +134,18 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GX, G, X, P; - (void) attributes; + psa_key_type_t type = attributes->core.type; + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_buffer_size > data_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(data, key_buffer, key_buffer_size); + memset(data + key_buffer_size, 0, + data_size - key_buffer_size); + *data_length = key_buffer_size; + return PSA_SUCCESS; + } mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); @@ -199,6 +210,24 @@ cleanup: return status; } +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits) +{ + (void) attributes; + + if (key_buffer_size < data_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 62b05b2e77..5d7d951c70 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -112,4 +112,33 @@ psa_status_t mbedtls_psa_ffdh_generate_key( size_t key_buffer_size, size_t *key_buffer_length); +/** + * \brief Import DH key. + * + * \note The signature of the function is that of a PSA driver import_key + * entry point. + * + * \param[in] attributes The attributes for the key to import. + * \param[in] data The buffer containing the key data in import + * format. + * \param[in] data_length Size of the \p data buffer in bytes. + * \param[out] key_buffer The buffer containing the key data in output + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This + * size is greater or equal to \p data_length. + * \param[out] key_buffer_length The length of the data written in \p + * key_buffer in bytes. + * \param[out] bits The key size in number of bits. + * + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + */ +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits); + #endif /* PSA_CRYPTO_FFDH_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index dba0c26225..3ff1053e30 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -321,9 +321,25 @@ psa_status_t mbedtls_test_transparent_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); +#endif + } else if (PSA_KEY_TYPE_IS_DH(type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ffdh_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_ffdh_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif } - (void) data; (void) data_length; (void) key_buffer; From cd33413a55aad3cf7ed68427dfa98cf25beaf35b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 May 2023 16:41:55 +0100 Subject: [PATCH 388/483] Modify tests to suit new behaviour Prevent the null argument test from running when only MBEDTLS_MD_LIGHT is enabled. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_md.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index ccc7b10ae4..15e3b99d56 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -3,6 +3,7 @@ MD list mbedtls_md_list: MD NULL/uninitialised arguments +depends_on:MBEDTLS_MD_C md_null_args: Information on MD5 From 66b96e2d877d84a1ee13ba185895d3963b9fb85a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:39:58 +0200 Subject: [PATCH 389/483] Copyediting Fix some typos and copypasta. Some very minor wording improvements. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index faa0ec369f..5cae1ff290 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -301,14 +301,14 @@ TODO Key derivation is more complex than other multipart operations for several reasons: -* There are multiple of inputs and outputs. +* There are multiple inputs and outputs. * Multiple drivers can be involved. This happens when an operation combines a key agreement and a subsequent symmetric key derivation, each of which can have independent drivers. This also happens when deriving an asymmetric key, where processing the secret input and generating the key output might involve different drivers. * When multiple drivers are involved, they are not always independent: if the secret input is managed by an opaque driver, it might not allow the core to retrieve the intermediate output and pass it to another driver. * The involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). #### Key derivation driver dispatch logic -The core decides whether to dispatch a key derivation operation to a driver based on the location of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. +The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. @@ -341,7 +341,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. ``` enum psa_crypto_driver_key_derivation_input_type_t { @@ -364,7 +364,7 @@ The function `psa_crypto_driver_key_derivation_get_input_type()` determines whet * `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. * `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. * `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. -* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key context. * `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. ``` @@ -391,14 +391,14 @@ The get-data functions take the following parameters: * The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. * The `step` parameter indicates the input step whose content the driver wants to retrieve. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the specified input in bytes. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the specified input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the specified input. These functions can return the following statuses: -* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). +* `PSA_SUCCESS`: the call succeeded and the requested value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been written to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input type is not compatible with this function or was omitted. Call `psa_crypto_driver_key_derivation_get_input_type()` to find out the actual type of this input step. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. @@ -441,7 +441,7 @@ psa_status_t acme_key_derivation_set_capacity( acme_key_derivation_operation_t *operation, size_t capacity); ``` -`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaraneed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. +`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaranteed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. If this entry point has not been called, the operation has an unlimited capacity. @@ -478,7 +478,7 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. -If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: +If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the core then calls additional entry points in the same or another driver: * For a call to `psa_key_derivation_output_key()` for some key types, the core calls a transparent driver's `"derive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivation). * For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, call that secure element driver's `"import_key"` entry point. @@ -491,7 +491,7 @@ A capability for cooked key derivation contains the following properties (this i * `"entry_points"` (mandatory, list of strings). Must be `["derive_key"]`. * `"derived_types"` (mandatory, list of strings). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified type. -* `"derived_sizes"` (optional, list of integers). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified sizes, in bits. If absent, this capability applies to all sizes for the specified types. +* `"derived_sizes"` (optional, list of integers). Each element is a size for the derived key, in bits. This capability only applies when deriving a key of the specified sizes. If absent, this capability applies to all sizes for the specified types. * `"memory"` (optional, boolean). If present and true, the driver must define a type `"derive_key_memory_t"` and the core will allocate an object of that type as specified below. * `"names"` (optional, object). A mapping from entry point names to C function and type names, as usual. * `"fallback"` (optional, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED` if it only partially supports the specified mechanism, as usual. @@ -507,7 +507,7 @@ psa_status_t acme_derive_key( uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); ``` -* `attributes` contains the attributes of the desired key. Note that only the key type and the bit-size are guaranteed to be set. +* `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. @@ -515,7 +515,7 @@ psa_status_t acme_derive_key( This entry point may return the following statuses: -* `PSA_SUCCESS`: a key was derived successfully. The driver has placed representation of the key is in `key_buffer`. +* `PSA_SUCCESS`: a key was derived successfully. The driver has placed the representation of the key in `key_buffer`. * `PSA_ERROR_NOT_SUPPORTED` (for the first call only) (only if fallback is enabled): the driver cannot fulfill this request, but a fallback driver might. * `PSA_ERROR_INSUFFICIENT_DATA`: the core must call the `"derive_key"` entry point again with the same `memory` object and with subsequent data from the key stream. * Any other error is a fatal error. @@ -525,7 +525,7 @@ The core calls the `"derive_key"` entry point in a loop until it returns a statu For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: * `PSA_KEY_TYPE_DES`: the length of the key. -* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $m-1 < 8 n \le m$. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $8 (m-1) < n \le 8 m$. * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. From 4e94fead864467901039d5cb27af490eccad2220 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:40:56 +0200 Subject: [PATCH 390/483] Key derivation dispatch doesn't depend on the key type At least for all currently specified algorithms. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 5cae1ff290..dd35ed2264 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -311,9 +311,10 @@ Key derivation is more complex than other multipart operations for several reaso The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: - * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + * If the driver for this secure element implements the `"key_derivation"` family for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + Note that for all currently specified algorithms, the key type for the secret input does not matter. * Otherwise the core calls the secure element driver's [`"export_key"`](#key-management-with-opaque-drivers) entry point. -2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. +2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. 3. Otherwise, or on fallback, the core uses its built-in implementation. #### Summary of entry points for the operation family `"key_derivation"` From d2fe1d5498ca48e4a31ef4db88dcfd1c8e896ddb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:41:57 +0200 Subject: [PATCH 391/483] Rationale on key derivation inputs and buffer ownership Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index dd35ed2264..cca709d433 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -364,7 +364,7 @@ The function `psa_crypto_driver_key_derivation_get_input_type()` determines whet * `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. * `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. -* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` to make a copy of the input data (design note: [why a copy?](#key-derivation-inputs-and-buffer-ownership)). * `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key context. * `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. @@ -1179,6 +1179,12 @@ Should drivers really have to cope with overlap? Should the core guarantee that the output buffer size has the size indicated by the applicable buffer size macro (which may be an overestimation)? +#### Key derivation inputs and buffer ownership + +Why is `psa_crypto_driver_key_derivation_get_input_bytes` a copy, rather than giving a pointer? + +The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). + ### Partial computations in drivers #### Substitution points From f787879a140e933614cc68686613bbb21339c21e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:42:29 +0200 Subject: [PATCH 392/483] Clarify sequencing of long inputs Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index cca709d433..8cdc359427 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -421,7 +421,7 @@ psa_status_t acme_key_derivation_setup( #### Key derivation driver long inputs -Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. +Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this entry point for all the long inputs after calling `"acme_key_derivation_setup"`. A long input step may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. Calls to this entry point for different step values occur in an unspecified order and may be interspersed. ``` psa_status_t acme_key_derivation_input_step( From b319ed69c4a358ab1a056f3842a1bc7b377e0750 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:42:45 +0200 Subject: [PATCH 393/483] State explicitly that cooked key derivation uses the export format This is the case for all key creation in a secure element, but state it explicitly where relevant. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 8cdc359427..3aaa58bf50 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -511,7 +511,7 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. -* `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. +* `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. This entry point may return the following statuses: From e52bff994cbfe1f253a3842663cb2f9d66a646f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:43:29 +0200 Subject: [PATCH 394/483] Note possible issue with derive_key: who should choose the input length? Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 3aaa58bf50..da251465ea 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -510,6 +510,7 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. + TODO: how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? (Note that for some algorithms, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test.) * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. From 24f52296f1e785712f4eb968c19a49e86f507325 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:44:04 +0200 Subject: [PATCH 395/483] Key agreement needs an attribute structure for our key Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index da251465ea..075b386b10 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -547,6 +547,7 @@ In other cases, the core treats `psa_key_derivation_key_agreement()` as if it wa The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_key_agreement(psa_algorithm_t alg, + const psa_key_attributes_t *our_attributes, const uint8_t *our_key_buffer, size_t our_key_buffer_length, const uint8_t *peer_key, @@ -555,16 +556,19 @@ psa_status_t acme_key_agreement(psa_algorithm_t alg, size_t output_size, size_t *output_length); psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, - const psa_key_attributes_t *attributes, + const psa_key_attributes_t *our_attributes, const uint8_t *our_key_buffer, size_t our_key_buffer_length, const uint8_t *peer_key, size_t peer_key_length, + const psa_key_attributes_t *shared_secret_attributes, uint8_t *shared_secret_key_buffer, size_t shared_secret_key_buffer_size, size_t *shared_secret_key_buffer_length); ``` +Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the parameters for the shared secret are not placed near the beginning, but rather grouped with the other parameters at the end, to avoid confusion with the keys passed as inputs. + ### Driver entry points for key management The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. From 6824bad4fcdb61888089a666dd46cbebd84b8458 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 31 May 2023 02:19:47 +0000 Subject: [PATCH 396/483] Change coding style to fix multi lines into one line Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index e5ec3737a6..e344ab6205 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1595,12 +1595,10 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) * the destination mod residue, compare the two mod residues. * Firstly test little endian write and read */ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - bytes, - MBEDTLS_MPI_MOD_EXT_REP_LE)); + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, - bytes, - MBEDTLS_MPI_MOD_EXT_REP_LE)); + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(limbs, rX.limbs); ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); From d1200ee2e88c18cfd464ccb6feee202b5060e988 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 30 May 2023 18:54:39 +0800 Subject: [PATCH 397/483] Fix invalid commands for ec_x{25519,448}_{prv,pub}.{der,pem} Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3d2d5dccd5..55d6cd2195 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1011,32 +1011,32 @@ ec_x25519_prv.der: $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER all_final += ec_x25519_prv.der -ec_x25519_pub.der: ec_x25519_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER +ec_x25519_pub.der: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout all_final += ec_x25519_pub.der -ec_x25519_prv.pem: ec_x25519_prv.pem +ec_x25519_prv.pem: ec_x25519_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x25519_prv.pem -ec_x25519_pub.pem: ec_x25519_pub.pem - $(OPENSSL) pkey -in $< -inform DER -out $@ +ec_x25519_pub.pem: ec_x25519_pub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin all_final += ec_x25519_pub.pem ec_x448_prv.der: $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER all_final += ec_x448_prv.der -ec_x448_pub.der: ec_x448_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER +ec_x448_pub.der: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout all_final += ec_x448_pub.der -ec_x448_prv.pem: ec_x448_prv.pem +ec_x448_prv.pem: ec_x448_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x448_prv.pem -ec_x448_pub.pem: ec_x448_pub.pem - $(OPENSSL) pkey -in $< -inform DER -out $@ +ec_x448_pub.pem: ec_x448_pub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin all_final += ec_x448_pub.pem ################################################################ From c18cd89b718a664b4c31c29c8eaa573360d8670c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 31 May 2023 11:08:04 +0800 Subject: [PATCH 398/483] code_size_compare.py: add prompt for unsupported arch and config Add prompt message for a series of supported combination of architecture and configuration when someone tries unsupported combinations. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index e61236ad3c..b8f29422d4 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -71,6 +71,14 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods infer build command for code size measurement. """ + SupportedArchConfig = [ + "-a " + SupportedArch.AARCH64.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.AARCH32.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.X86_64.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.X86.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value, + ] + def __init__(self, arch: str, config: str) -> None: """ arch: architecture to measure code size on. @@ -96,6 +104,9 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods else: print("Unsupported architecture: {} and configurations: {}" .format(self.arch, self.config)) + print("\nPlease use supported combination of architecture and configuration:") + for comb in CodeSizeInfo.SupportedArchConfig: + print(comb) sys.exit(1) From 502c54f8c1f5837ac8bc5b285ab79d7c88f2fe2b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 31 May 2023 11:41:36 +0800 Subject: [PATCH 399/483] code_size_compare.py: classify arguments in parser This commit splits parsed arguments into required group and optional group to present help message clearer to users. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 46 +++++++++++++++--------------------- 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index b8f29422d4..f9e672dd08 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -1,8 +1,6 @@ #!/usr/bin/env python3 """ -Purpose - This script is for comparing the size of the library files from two different Git revisions within an Mbed TLS repository. The results of the comparison is formatted as csv and stored at a @@ -278,41 +276,35 @@ class CodeSizeComparison: sys.exit(-1) def main(): - parser = argparse.ArgumentParser( - description=( - """This script is for comparing the size of the library files - from two different Git revisions within an Mbed TLS repository. - The results of the comparison is formatted as csv, and stored at - a configurable location. - Note: must be run from Mbed TLS root.""" - ) - ) - parser.add_argument( + parser = argparse.ArgumentParser(description=(__doc__)) + group_required = parser.add_argument_group( + 'required arguments', + 'required arguments to parse for running ' + os.path.basename(__file__)) + group_required.add_argument( + "-o", "--old-rev", type=str, required=True, + help="old revision for comparison.") + + group_optional = parser.add_argument_group( + 'optional arguments', + 'optional arguments to parse for running ' + os.path.basename(__file__)) + group_optional.add_argument( "-r", "--result-dir", type=str, default="comparison", help="directory where comparison result is stored, \ - default is comparison", - ) - parser.add_argument( - "-o", "--old-rev", type=str, help="old revision for comparison.", - required=True, - ) - parser.add_argument( + default is comparison") + group_optional.add_argument( "-n", "--new-rev", type=str, default=None, help="new revision for comparison, default is the current work \ - directory, including uncommitted changes." - ) - parser.add_argument( + directory, including uncommitted changes.") + group_optional.add_argument( "-a", "--arch", type=str, default=detect_arch(), choices=list(map(lambda s: s.value, SupportedArch)), help="specify architecture for code size comparison, default is the\ - host architecture." - ) - parser.add_argument( + host architecture.") + group_optional.add_argument( "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value, choices=list(map(lambda s: s.value, SupportedConfig)), help="specify configuration type for code size comparison,\ - default is the current MbedTLS configuration." - ) + default is the current MbedTLS configuration.") comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): From b20f13a41bb20a4e392b392047289a4e6bb629c0 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 31 May 2023 12:51:02 +0530 Subject: [PATCH 400/483] Change input cost type to uint64_t and fix max iteration test case Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- tests/suites/test_suite_psa_crypto.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 245f26a15f..d54291f819 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - size_t MBEDTLS_PRIVATE(input_cost); + uint64_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c16879bc0f..a979570b44 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5322,7 +5322,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS #Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From 28111dbf06f549c26998df86e013bc3a8facc681 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:30:58 +0200 Subject: [PATCH 401/483] Adapt guards for psa_is_dh_key_size_valid Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dc383bca31..58e8a8a2e5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,6 +129,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -138,6 +141,9 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { From 6efa608d20b1928ebf4f9f82a1fcde273eace59f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:38:21 +0200 Subject: [PATCH 402/483] Revert setting optimization flag(use O2) Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2a37f2d4c..4b220404d2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". From 57b5d22a9e6b9bae09fde67b794f34ab36e44199 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:36:41 +0100 Subject: [PATCH 403/483] Reword ChangeLog entry for consistency Signed-off-by: David Horstmann --- ChangeLog.d/oid-parse-from-numeric-string.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt index 459bedc832..82ed2fd713 100644 --- a/ChangeLog.d/oid-parse-from-numeric-string.txt +++ b/ChangeLog.d/oid-parse-from-numeric-string.txt @@ -1,3 +1,3 @@ Features - * Add a function mbedtls_oid_from_numeric_string to parse an OID from a + * Add function mbedtls_oid_from_numeric_string() to parse an OID from a string to a DER-encoded mbedtls_asn1_buf. From b97b689832d77464b63651fdabbec9d7bdd7dca0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:41:11 +0100 Subject: [PATCH 404/483] Reword function description slightly Use of the term "dotted-decimal" improves clarity. Put a full-stop where one should have been. Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 1d73506dc4..5b75077ea7 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -472,9 +472,9 @@ typedef struct mbedtls_oid_descriptor_t { int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); /** - * \brief Translate a string containing a numeric representation - * of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * \brief Translate a string containing a dotted-decimal + * representation of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). * On success, this function allocates oid->buf from the * heap. It must be freed by the caller using mbedtls_free(). * From ada7d72447e996b31448af1d8a22fc7bbb8d2261 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:49:56 +0100 Subject: [PATCH 405/483] Improve line spacing after variable declarations Signed-off-by: David Horstmann --- library/oid.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 8da4103803..d2efbed1fe 100644 --- a/library/oid.c +++ b/library/oid.c @@ -898,7 +898,9 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, static int oid_parse_number(unsigned int *num, const char **p, const char *bound) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + *num = 0; + while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; if (*num > (UINT_MAX / 10)) { @@ -914,7 +916,9 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound static size_t oid_subidentifier_num_bytes(unsigned int value) { size_t num_bytes = 1; + value >>= 7; + while (value != 0) { num_bytes++; value >>= 7; @@ -927,6 +931,7 @@ static int oid_subidentifier_encode_into(unsigned char **p, unsigned int value) { size_t num_bytes = oid_subidentifier_num_bytes(value); + if ((size_t) (bound - *p) < num_bytes) { return MBEDTLS_ERR_OID_BUF_TOO_SMALL; } @@ -947,14 +952,13 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = oid_str; const char *str_bound = oid_str + size; unsigned int val = 0; unsigned int component1, component2; - /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; + for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { if (oid_str[i] == '.') { num_dots++; From 25d65e85274b4eb788be1dda8781625ec35dc4a9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:53:07 +0100 Subject: [PATCH 406/483] Refactor while loop for simplicity Signed-off-by: David Horstmann --- library/oid.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/oid.c b/library/oid.c index d2efbed1fe..ea1e70bf09 100644 --- a/library/oid.c +++ b/library/oid.c @@ -915,14 +915,13 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound static size_t oid_subidentifier_num_bytes(unsigned int value) { - size_t num_bytes = 1; + size_t num_bytes = 0; - value >>= 7; - - while (value != 0) { - num_bytes++; + do { value >>= 7; - } + num_bytes++; + } while (value != 0); + return num_bytes; } From 6883358c16f2e369129753d3999bb345e57c3f29 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 17:27:28 +0100 Subject: [PATCH 407/483] Hoist variable declarations to before goto This should appease IAR, which does not like declarations in the middle of goto sequences. Signed-off-by: David Horstmann --- library/oid.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index ea1e70bf09..87e5d892f2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -957,6 +957,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned int component1, component2; /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; + size_t encoded_len; + unsigned char *minimum_mem; for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { if (oid_str[i] == '.') { @@ -1040,8 +1042,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - size_t encoded_len = out_ptr - oid->p; - unsigned char *minimum_mem = mbedtls_calloc(encoded_len, 1); + encoded_len = out_ptr - oid->p; + minimum_mem = mbedtls_calloc(encoded_len, 1); if (minimum_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; goto error; From f6853a87512171975949b0b8d8ca1b5ae6aba14f Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:00:11 +0200 Subject: [PATCH 408/483] test: optimizing test_suite_pkwrite code Signed-off-by: valerio --- tests/suites/test_suite_pkwrite.function | 94 +++++++++++++++++------- 1 file changed, 66 insertions(+), 28 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index c148c8a848..4820fbd439 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -28,6 +28,43 @@ static void fix_new_lines(unsigned char *in_str, size_t *len) } } +static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p, + size_t *buf_len, int is_public_key, int is_der) +{ + int ret = 0; + + if (is_der) { + if (is_public_key) { + ret = mbedtls_pk_write_pubkey_der(pk, *p, *buf_len); + } else { + ret = mbedtls_pk_write_key_der(pk, *p, *buf_len); + } + if (ret <= 0) { + return ret; + } + + *p = *p + *buf_len - ret; + *buf_len = ret; + } else { +#if defined(MBEDTLS_PEM_WRITE_C) + if (is_public_key) { + ret = mbedtls_pk_write_pubkey_pem(pk, *p, *buf_len); + } else { + ret = mbedtls_pk_write_key_pem(pk, *p, *buf_len); + } + if (ret != 0) { + return ret; + } + + *buf_len = strlen((char *) *p) + 1; /* +1 takes the string terminator into account */ +#else + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif + } + + return 0; +} + static void pk_write_check_common(char *key_file, int is_public_key, int is_der) { mbedtls_pk_context key; @@ -35,7 +72,11 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) unsigned char *check_buf = NULL; unsigned char *start_buf; size_t buf_len, check_buf_len; - int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + USE_PSA_INIT(); mbedtls_pk_init(&key); USE_PSA_INIT(); @@ -62,42 +103,39 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) if (is_public_key) { TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); - if (is_der) { - ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len); - } else { -#if defined(MBEDTLS_PEM_WRITE_C) - ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); -#else - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif - } } else { TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL), 0); - if (is_der) { - ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len); - } else { -#if defined(MBEDTLS_PEM_WRITE_C) - ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len); -#else - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif - } } - if (is_der) { - TEST_LE_U(1, ret); - buf_len = ret; - start_buf = buf + check_buf_len - buf_len; - } else { - TEST_EQUAL(ret, 0); - buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */ - start_buf = buf; - } + start_buf = buf; + buf_len = check_buf_len; + TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, + is_der), 0); ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + /* Verify that pk_write works also for opaque private keys */ + if (!is_public_key) { + memset(buf, 0, check_buf_len); + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id, + PSA_ALG_NONE, + PSA_KEY_USAGE_EXPORT, + PSA_ALG_NONE), 0); + start_buf = buf; + buf_len = check_buf_len; + TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, + is_der), 0); + + ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key(opaque_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_free(buf); mbedtls_free(check_buf); mbedtls_pk_free(&key); From a87601dc112e3fe308b04609f9706d3f138ba179 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:01:55 +0200 Subject: [PATCH 409/483] pk_internal: add support for opaque keys for getting EC curve ID Signed-off-by: valerio --- library/pk_internal.h | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 8d4b005710..21fb34a8f4 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -84,11 +84,30 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + psa_ecc_family_t curve; + + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return MBEDTLS_ECP_DP_NONE; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); + id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + psa_reset_key_attributes(&opaque_attrs); + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - id = mbedtls_pk_ec_ro(*pk)->grp.id; + id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + } + return id; } From 64e0184a39625f91a0c7090eb5e647a159d84e34 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:02:43 +0200 Subject: [PATCH 410/483] psa_util: add support for rfc8410's OIDs Signed-off-by: valerio --- include/mbedtls/psa_util.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f7ed2ebfee..64c24358ef 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -248,6 +248,22 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ } break; + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case 255: + *oid = MBEDTLS_OID_X25519; + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X25519); + return 0; +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + case 448: + *oid = MBEDTLS_OID_X448; + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X448); + return 0; +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + } + break; } (void) oid; (void) oid_len; From b7273141333e9eb8a7cf7d397f156f72cfdca6d8 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:07:18 +0200 Subject: [PATCH 411/483] pk: add internal helpers for opaque keys Signed-off-by: valerio --- library/pkwrite.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index d6848151c1..559611c0d7 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -58,7 +58,8 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); @@ -75,7 +76,41 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* It is assumed that the input key is opaque */ +static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) +{ + psa_ecc_family_t ec_family = 0; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + + if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) { + return 0; + } + ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs)); + psa_reset_key_attributes(&key_attrs); + + return ec_family; +} +#endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_ECP_LIGHT */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* It is assumed that the input key is opaque */ +static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) +{ + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return 0; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + psa_reset_key_attributes(&opaque_attrs); + + return opaque_key_type; +} +#endif /* MBETLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_RSA_C) /* From 9ea26173d6bf4d2124459a6b5b50722ef2b8a551 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:10:23 +0200 Subject: [PATCH 412/483] pk: uniformmize public key writing functions Signed-off-by: valerio --- library/pkwrite.c | 115 +++++++++++++++++++++++++++++++++------------- 1 file changed, 82 insertions(+), 33 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 559611c0d7..9fd660fd2e 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -120,11 +120,12 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) * } */ static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa) + const mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); mbedtls_mpi_init(&T); @@ -158,29 +159,26 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t len = 0; + uint8_t buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - len = pk->pub_raw_len; + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + } else { + len = pk->pub_raw_len; - if (*p < start || (size_t) (*p - start) < len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } - memcpy(*p - len, pk->pub_raw, len); - *p -= len; -#else - unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; - mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf))) != 0) { - return ret; + memcpy(*p - len, pk->pub_raw, len); + *p -= len; } if (*p < start || (size_t) (*p - start) < len) { @@ -189,10 +187,50 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, *p -= len; memcpy(*p, buf, len); -#endif return (int) len; } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ +static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; +#else + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + *p -= len; + memcpy(*p, buf, len); + return (int) len; + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf))) != 0) { + return ret; + } + } + + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + *p -= len; + memcpy(*p, buf, len); + + return (int) len; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * ECParameters ::= CHOICE { @@ -251,6 +289,30 @@ exit: } #endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t buffer_size; + size_t len = 0; + + if (*p < start) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + buffer_size = (size_t) (*p - start); + if (psa_export_public_key(pk->priv_id, start, buffer_size, + &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + *p -= len; + memmove(*p, start, len); + + return (int) len; +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *key) { @@ -259,7 +321,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key))); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); } else #endif #if defined(MBEDTLS_ECP_LIGHT) @@ -269,20 +331,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { - size_t buffer_size; - - if (*p < start) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - buffer_size = (size_t) (*p - start); - if (psa_export_public_key(key->priv_id, start, buffer_size, &len) - != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } else { - *p -= len; - memmove(*p, start, len); - } + MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key)); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; From ba1fd32eda9d7ecc0ff5f9465b55005de5cc2f7f Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:13:17 +0200 Subject: [PATCH 413/483] pk: optimize/reshape public key writing Signed-off-by: valerio --- library/pkwrite.c | 40 ++++++++++------------------------------ 1 file changed, 10 insertions(+), 30 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 9fd660fd2e..a86d16c7b3 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -377,44 +377,22 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { -#if defined(MBEDTLS_ECP_C) - ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id; -#else /* MBEDTLS_ECP_C */ - ec_grp_id = mbedtls_ecc_group_of_psa(key->ec_family, key->ec_bits, 0); -#endif /* MBEDTLS_ECP_C */ + ec_grp_id = mbedtls_pk_get_group_id(key); } #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (pk_type == MBEDTLS_PK_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - - if (PSA_SUCCESS != psa_get_key_attributes(key->priv_id, - &attributes)) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - key_type = psa_get_key_type(&attributes); - + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_ECP_LIGHT) - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) { - psa_ecc_family_t curve; - - curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type); - if (curve != 0) { - ec_grp_id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&attributes), 0); - if (ec_grp_id != MBEDTLS_ECP_DP_NONE) { - /* The rest of the function works as for legacy EC contexts. */ + if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; - } - } - } + ec_grp_id = mbedtls_pk_get_group_id(key); + } else #endif /* MBEDTLS_ECP_LIGHT */ - if (PSA_KEY_TYPE_IS_RSA(key_type)) { + if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { /* The rest of the function works as for legacy RSA contexts. */ pk_type = MBEDTLS_PK_RSA; } - - psa_reset_key_attributes(&attributes); } /* `pk_type` will have been changed to non-opaque by here if this function can handle it */ if (pk_type == MBEDTLS_PK_OPAQUE) { @@ -424,11 +402,13 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { - /* Some groups have their own AlgorithmIdentifier OID, others are handled by mbedtls_oid_get_oid_by_pk_alg() below */ + /* Some groups have their own AlgorithmIdentifier OID, others are handled + * by mbedtls_oid_get_oid_by_pk_alg() below */ ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); if (ret == 0) { - /* Currently, none of the supported algorithms that have their own AlgorithmIdentifier OID have any parameters */ + /* Currently, none of the supported algorithms that have their own + * AlgorithmIdentifier OID have any parameters */ has_par = 0; } else if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); From 52b675ffc30961c1e7a5d8edee5e4969684d7967 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:14:37 +0200 Subject: [PATCH 414/483] pk: extend pk_write_ec_private to support opaque keys Signed-off-by: valerio --- library/pkwrite.c | 67 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 16 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index a86d16c7b3..a53bada240 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -257,36 +257,71 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, /* * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_private(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; psa_status_t status; - status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); - if (status != PSA_SUCCESS) { - ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); - goto exit; + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + return ret; + } + } else { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + goto exit; + } } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); - byte_length = (ec->grp.pbits + 7) / 8; - ret = mbedtls_ecp_write_key(ec, tmp, byte_length); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); exit: mbedtls_platform_zeroize(tmp, sizeof(tmp)); return ret; } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ +static int pk_write_ec_private(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t byte_length; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + psa_status_t status; +#else + unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + return ret; + } + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + byte_length = (ec->grp.pbits + 7) / 8; + + ret = mbedtls_ecp_write_key(ec, tmp, byte_length); + if (ret != 0) { + goto exit; + } + } + ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); +exit: + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return ret; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -385,7 +420,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { - pk_type = MBEDTLS_PK_ECKEY; + pk_type = MBEDTLS_PK_ECKEY; ec_grp_id = mbedtls_pk_get_group_id(key); } else #endif /* MBEDTLS_ECP_LIGHT */ From c0bac57ac90d15e4f2e4d93ea85d15178f5977c4 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:15:41 +0200 Subject: [PATCH 415/483] pk: optimized/reshape code for writing private key DER Signed-off-by: valerio --- library/pkwrite.c | 202 +++++++++++++++++++++++++++++----------------- 1 file changed, 128 insertions(+), 74 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index a53bada240..869596de3b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -519,27 +519,91 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, return (int) len; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ -int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) +/* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ +static int pk_write_ec_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *c; size_t len = 0; -#if defined(MBEDTLS_ECP_LIGHT) + int ret; + size_t pub_len = 0, par_len = 0; mbedtls_ecp_group_id grp_id; -#endif - if (size == 0) { + /* publicKey */ + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); + + if (*p - buf < 1) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; } + (*p)--; + **p = 0; + pub_len += 1; - c = buf + size; + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); + + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 1)); + len += pub_len; + + /* parameters */ + grp_id = mbedtls_pk_get_group_id(pk); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); + len += par_len; + + /* privateKey */ + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); + + /* version */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} +#endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { +static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ + size_t len = 0; + int ret; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + size_t tmp_len = 0; + + if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + *p -= tmp_len; + memcpy(*p, tmp, tmp_len); + len += tmp_len; + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); /* * Export the parameters one after another to avoid simultaneous copies. @@ -549,21 +613,21 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export QP */ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; /* Export DQ */ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; /* Export DP */ if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -571,7 +635,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export Q */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -579,7 +643,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export P */ if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -587,7 +651,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export D */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -595,7 +659,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export E */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -603,7 +667,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export N */ if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -615,71 +679,61 @@ end_of_export: return ret; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + } + + return (int) len; +} +#endif /* MBEDTLS_RSA_C */ + +int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) +{ + unsigned char *c; + size_t len = 0; +#if defined(MBEDTLS_RSA_C) + int is_rsa_opaque = 0; +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_LIGHT) + int is_ec_opaque = 0; +#endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if (size == 0) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + c = buf + size; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { +#if defined(MBEDTLS_RSA_C) + is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_LIGHT) + is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); +#endif /* MBEDTLS_ECP_LIGHT */ + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_RSA_C) + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { + return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - size_t pub_len = 0, par_len = 0; - + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { return pk_write_ec_rfc8410_der(&c, buf, key); } -#endif - - /* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ - - /* publicKey */ - MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, key)); - - if (c - buf < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - *--c = 0; - pub_len += 1; - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 1)); - len += pub_len; - - /* parameters */ - grp_id = mbedtls_pk_get_group_id(key); - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, grp_id)); - - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0)); - len += par_len; - - /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, key)); - - /* version */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + return pk_write_ec_der(&c, buf, key); } else #endif /* MBEDTLS_ECP_LIGHT */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; From e279e50a76580a03b690fac61d8a823f68137a0e Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:16:12 +0200 Subject: [PATCH 416/483] pk: optimized/reshape code for writing private key PEM Signed-off-by: valerio --- library/pkwrite.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 869596de3b..821de14286 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -786,21 +786,50 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; +#if defined(MBEDTLS_ECP_LIGHT) + int is_ec_opaque = 0; +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) + int is_montgomery_opaque = 0; +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_RSA_C) + int is_rsa_opaque = 0; +#endif if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) { return ret; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); + #if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { + is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); +#endif +#if defined(MBEDTLS_ECP_LIGHT) + is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) + if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { + is_montgomery_opaque = 1; + } +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_ECP_LIGHT */ + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_RSA_C) + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { begin = PEM_BEGIN_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA; } else #endif #if defined(MBEDTLS_ECP_LIGHT) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410(key)) { + if (is_montgomery_opaque || + ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) && + (mbedtls_pk_is_rfc8410(key)))) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else From f1d29136acef7b5aa97ce7c5e3cdc5b6e7d9660c Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 15:22:48 +0200 Subject: [PATCH 417/483] test: remove debug echo in component Signed-off-by: valerio --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4b220404d2..36d5fa4167 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2508,7 +2508,6 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - echo $ALG scripts/config.py -f include/psa/crypto_config.h unset $ALG done From c6e6fb320fb2c3dff2927827419b40362aec8794 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 15:46:20 +0200 Subject: [PATCH 418/483] pk: fix guard position Signed-off-by: valerio --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 821de14286..8a08f605b8 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -76,7 +76,6 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) @@ -93,6 +92,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } #endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) From f9139e55ce99aa4ca31c7e0bd165bb85b8efe67d Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 18:01:33 +0200 Subject: [PATCH 419/483] pk: minor code fixes - removing duplicated code - uninitialized variable usage Signed-off-by: valerio --- library/pkwrite.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 8a08f605b8..218d0c1abe 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -172,13 +172,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, } } else { len = pk->pub_raw_len; - - if (*p < start || (size_t) (*p - start) < len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - memcpy(*p - len, pk->pub_raw, len); - *p -= len; + memcpy(buf, pk->pub_raw, len); } if (*p < start || (size_t) (*p - start) < len) { @@ -701,7 +695,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, int is_ec_opaque = 0; #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); + psa_key_type_t opaque_key_type; #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (size == 0) { @@ -712,6 +706,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { + opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif /* MBEDTLS_RSA_C */ From 73cfde8f85e10f4face574ee783904b33e6d0c62 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 May 2023 15:34:28 +0100 Subject: [PATCH 420/483] Remove certain null pointer checks when only MD_LIGHT enabled When MD_LIGHT is enabled but MD_C is not then certain null pointer checks can be removed on functions that take an mbedtls_md_context_t * as a parameter, since MD_LIGHT does not support these null pointers. Signed-off-by: Thomas Daubney --- library/md.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/library/md.c b/library/md.c index bebe3580bd..306af72b32 100644 --- a/library/md.c +++ b/library/md.c @@ -376,7 +376,12 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst, int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) { - if (md_info == NULL || ctx == NULL) { +#if defined(MBEDTLS_MD_C) + if (ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } +#endif + if (md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } @@ -455,9 +460,11 @@ int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info int mbedtls_md_starts(mbedtls_md_context_t *ctx) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { @@ -504,9 +511,11 @@ int mbedtls_md_starts(mbedtls_md_context_t *ctx) int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { @@ -551,9 +560,11 @@ int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, siz int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { From d1a203a382a65a458a5736525237525dc3ca9697 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:02:15 +0100 Subject: [PATCH 421/483] Cosmetic fixes to doxygen comment Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 5b75077ea7..da3d70ed57 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -478,12 +478,12 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * On success, this function allocates oid->buf from the * heap. It must be freed by the caller using mbedtls_free(). * - * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID * \param oid_str string representation of the OID to parse * \param size length of the OID string * * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if oid_str does not + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not * represent a valid OID * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to * allocate oid->buf From 017139751a81895faa33ce59f1d1ff5ced5b741b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:04:20 +0100 Subject: [PATCH 422/483] Change behaviour away from NUL-terminated strings Instead, require the length of the string to be passed. This is more useful for our use-case, as it is likely we will parse OIDs from the middle of strings. Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 +++-- library/oid.c | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index da3d70ed57..68ae723179 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -479,8 +479,9 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * heap. It must be freed by the caller using mbedtls_free(). * * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string + * \param oid_str string representation of the OID to parse, not + * NUL-terminated + * \param size length of the OID string, not including any NUL terminator * * \return 0 if successful * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not diff --git a/library/oid.c b/library/oid.c index 87e5d892f2..312a6375bd 100644 --- a/library/oid.c +++ b/library/oid.c @@ -960,7 +960,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t encoded_len; unsigned char *minimum_mem; - for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { + for (size_t i = 0; i < size; i++) { if (oid_str[i] == '.') { num_dots++; } @@ -1003,7 +1003,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, ret = MBEDTLS_ERR_ASN1_INVALID_DATA; goto error; } - if (str_ptr < str_bound && *str_ptr != '\0') { + if (str_ptr < str_bound) { if (*str_ptr == '.') { str_ptr++; } else { @@ -1022,12 +1022,12 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, goto error; } - while (str_ptr < str_bound && *str_ptr != '\0') { + while (str_ptr < str_bound) { ret = oid_parse_number(&val, &str_ptr, str_bound); if (ret != 0) { goto error; } - if (str_ptr < str_bound && *str_ptr != '\0') { + if (str_ptr < str_bound) { if (*str_ptr == '.') { str_ptr++; } else { From 5d074168f38e6ee87c34087343f7a7abc9ac5be4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:09:27 +0100 Subject: [PATCH 423/483] Rearrange declarations for readability Signed-off-by: David Horstmann --- library/oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 312a6375bd..cda87a9dcf 100644 --- a/library/oid.c +++ b/library/oid.c @@ -955,11 +955,11 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_bound = oid_str + size; unsigned int val = 0; unsigned int component1, component2; - /* Count the number of dots to get a worst-case allocation size. */ - size_t num_dots = 0; size_t encoded_len; unsigned char *minimum_mem; + /* Count the number of dots to get a worst-case allocation size. */ + size_t num_dots = 0; for (size_t i = 0; i < size; i++) { if (oid_str[i] == '.') { num_dots++; From 45d5e2dc1a5c12e732f8b6c2ceadcc1b99130c13 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:10:33 +0100 Subject: [PATCH 424/483] Rename minimum_mem to resized_mem This new name is clearer about its purpose. Signed-off-by: David Horstmann --- library/oid.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/oid.c b/library/oid.c index cda87a9dcf..02e41363e2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -956,7 +956,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned int val = 0; unsigned int component1, component2; size_t encoded_len; - unsigned char *minimum_mem; + unsigned char *resized_mem; /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; @@ -1043,14 +1043,14 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } encoded_len = out_ptr - oid->p; - minimum_mem = mbedtls_calloc(encoded_len, 1); - if (minimum_mem == NULL) { + resized_mem = mbedtls_calloc(encoded_len, 1); + if (resized_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; goto error; } - memcpy(minimum_mem, oid->p, encoded_len); + memcpy(resized_mem, oid->p, encoded_len); mbedtls_free(oid->p); - oid->p = minimum_mem; + oid->p = resized_mem; oid->len = encoded_len; oid->tag = MBEDTLS_ASN1_OID; From bf95e9a0584c54bf7535c76608de31b0e52d29b2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:33:15 +0100 Subject: [PATCH 425/483] Reword description and change NUL to null Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 68ae723179..7fa0141399 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -479,9 +479,8 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * heap. It must be freed by the caller using mbedtls_free(). * * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse, not - * NUL-terminated - * \param size length of the OID string, not including any NUL terminator + * \param oid_str string representation of the OID to parse + * \param size length of the OID string, not including any null terminator * * \return 0 if successful * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not From 21f1744d76c06351a392301a9d3960ad278e8e40 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 1 Jun 2023 11:29:06 +0800 Subject: [PATCH 426/483] code_size_compare.py: fix make command logic in default config If system architecture doesn't match architecture of input argument for default configuration, it's reported as an error. Additionally, it prints out help message to show which architecture and configuration option should be used. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index f9e672dd08..de5249a5e7 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -77,7 +77,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value, ] - def __init__(self, arch: str, config: str) -> None: + def __init__(self, arch: str, config: str, sys_arch: str) -> None: """ arch: architecture to measure code size on. config: configuration type to measure code size with. @@ -85,12 +85,14 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods """ self.arch = arch self.config = config + self.sys_arch = sys_arch self.make_command = self.set_make_command() def set_make_command(self) -> str: """Infer build command based on architecture and configuration.""" - if self.config == SupportedConfig.DEFAULT.value: + if self.config == SupportedConfig.DEFAULT.value and \ + self.arch == self.sys_arch: return 'make -j lib CFLAGS=\'-Os \' ' elif self.arch == SupportedArch.ARMV8_M.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: @@ -100,11 +102,16 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' else: - print("Unsupported architecture: {} and configurations: {}" + print("Unsupported combination of architecture: {} and configuration: {}" .format(self.arch, self.config)) print("\nPlease use supported combination of architecture and configuration:") for comb in CodeSizeInfo.SupportedArchConfig: print(comb) + print("\nFor your system, please use:") + for comb in CodeSizeInfo.SupportedArchConfig: + if "default" in comb and self.sys_arch not in comb: + continue + print(comb) sys.exit(1) @@ -320,7 +327,8 @@ def main(): else: new_revision = "current" - code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) + code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config, + detect_arch()) print("Measure code size for architecture: {}, configuration: {}" .format(code_size_info.arch, code_size_info.config)) result_dir = comp_args.result_dir From 1747304a7a3e86706261ad96447feb1b496ae490 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 30 Apr 2023 14:11:23 -0400 Subject: [PATCH 427/483] Update the descriptions of SANs All of them are listed, so the previous description was wrong. Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 5 +++-- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_csr.h | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7faf176b5a..6f3b555782 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -304,7 +304,7 @@ mbedtls_x509_san_other_name; typedef struct mbedtls_x509_subject_alternative_name { int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { - mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ + mbedtls_x509_san_other_name other_name; mbedtls_x509_name directory_name; mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */ } @@ -401,7 +401,8 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); * of the subject alternative name encoded in \p san_raw. * * \note Supported GeneralName types, as defined in RFC 5280: - * "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name" + * "rfc822Name", "dnsName", "directoryName", + * "uniformResourceIdentifier" and "hardware_module_name" * of type "otherName", as defined in RFC 4108. * * \note This function should be called on a single raw data of diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..803ef735de 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -75,7 +75,7 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */ mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f3f9e13a03..76e02380fb 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -60,7 +60,7 @@ typedef struct mbedtls_x509_csr { unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ From 154a605ae81cacf7ead7c70e116f240ef5e07765 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 30 Apr 2023 14:11:49 -0400 Subject: [PATCH 428/483] Change the name of the temporary san variable Explain why it is used. Signed-off-by: Andrzej Kurek --- library/x509.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index 5f6715aa25..8a4426478d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1215,9 +1215,9 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, mbedtls_asn1_sequence *cur = subject_alt_name; while (*p < end) { - mbedtls_x509_subject_alternative_name dummy_san_buf; + mbedtls_x509_subject_alternative_name tmp_san_name; mbedtls_x509_buf tmp_san_buf; - memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); + memset(&tmp_san_name, 0, sizeof(tmp_san_name)); tmp_san_buf.tag = **p; (*p)++; @@ -1236,9 +1236,10 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, } /* - * Check that the SAN is structured correctly. + * Check that the SAN is structured correctly by parsing it. + * The SAN structure is discarded afterwards. */ - ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf); + ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. @@ -1249,7 +1250,7 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, return ret; } - mbedtls_x509_free_subject_alt_name(&dummy_san_buf); + mbedtls_x509_free_subject_alt_name(&tmp_san_name); /* Allocate and assign next pointer */ if (cur->buf.p != NULL) { if (cur->next != NULL) { @@ -1439,7 +1440,7 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, break; /* - * RFC822 Name + * rfc822Name */ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): { From 7c86974d6de67d71c628f13e8bad93d5324ae5c5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 05:02:41 -0400 Subject: [PATCH 429/483] Fix overflow checks in x509write_crt Previous ones could still overflow. Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index f57841c4fd..ea8471cfb0 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -186,19 +186,23 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c * maximum 4 bytes for the length field, * 1 byte for the tag/type. */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: { const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; while (chunk != NULL) { - // 5 bytes for OID, max 4 bytes for length, +1 for tag, + // Max 4 bytes for length, +1 for tag, // additional 4 max for length, +1 for tag. // See x509_write_name for more information. - CHECK_OVERFLOW_ADD(buflen, chunk->val.len + 5 + 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); + CHECK_OVERFLOW_ADD(buflen, chunk->val.len); chunk = chunk->next; } - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; } default: From f994bc51adcc6ba0e68eb1ac501633fee94b3003 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 05:10:17 -0400 Subject: [PATCH 430/483] Refactor code in cert_write.c This way is more robust. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 6d318e5f7e..e4f8886fe9 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -622,7 +622,9 @@ usage: goto usage; } - if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { + if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || + cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || + cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; cur->node.san.unstructured_name.len = strlen(subtype_value); } From 5903e9c428ce0800fc3bb447cb038b96cd4fb597 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 2 Jun 2023 10:43:08 +0100 Subject: [PATCH 431/483] Modify tests in response to review comments. Address the way the tests have been modified in response to review comments. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_md.data | 1 - tests/suites/test_suite_md.function | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 15e3b99d56..ccc7b10ae4 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -3,7 +3,6 @@ MD list mbedtls_md_list: MD NULL/uninitialised arguments -depends_on:MBEDTLS_MD_C md_null_args: Information on MD5 diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 4438fa1509..ac9516ab8d 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -61,7 +61,6 @@ void md_null_args() TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); #if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); -#endif TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA); @@ -71,6 +70,7 @@ void md_null_args() TEST_EQUAL(mbedtls_md_finish(NULL, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_finish(&ctx, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); From e773978e68a49bf0a2aa3a06c243afbb2c2a1449 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 09:42:44 -0400 Subject: [PATCH 432/483] Remove unnecessary addition to buffer size estimation Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ea8471cfb0..274eb4b7ad 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -201,7 +201,6 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c CHECK_OVERFLOW_ADD(buflen, chunk->val.len); chunk = chunk->next; } - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; } From 02127ab02245936cb4869d8e2ed3b3fc378ef32b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 Jun 2023 14:50:35 +0100 Subject: [PATCH 433/483] Allow subidentifiers of size UINT_MAX Make overflow check more accurate and add testcases Signed-off-by: David Horstmann --- library/oid.c | 2 +- tests/suites/test_suite_oid.data | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 02e41363e2..b13c76b1e7 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1012,7 +1012,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - if ((UINT_MAX - component2) <= (component1 * 40)) { + if (component2 > (UINT_MAX - (component1 * 40))) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; goto error; } diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index c5f13175b8..1435507f64 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -161,3 +161,9 @@ oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID from numeric string - OID greater than max length (129 components) oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - OID with maximum subidentifier +oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" + +OID from numeric string - OID with overflowing subidentifier +oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From 62e7fae1090544357bcfaf209b9d87f8f827bfeb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 Jun 2023 15:32:20 +0100 Subject: [PATCH 434/483] Fix bug in calculation of maximum possible bytes Each DER-encoded OID byte can only store 7 bits of actual data, so take account of that. Calculate the number of bytes required as: number_of_bytes = ceil(subidentifier_size * 8 / 7) Signed-off-by: David Horstmann --- library/oid.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index b13c76b1e7..88165d3120 100644 --- a/library/oid.c +++ b/library/oid.c @@ -971,7 +971,14 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - size_t max_possible_bytes = num_dots * sizeof(unsigned int); + /* Each byte can store 7 bits, calculate number of bytes for a + * subidentifier: + * + * bytes = ceil(subidentifer_size * 8 / 7) + */ + size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) + + 1; + size_t max_possible_bytes = num_dots * bytes_per_subidentifier; oid->p = mbedtls_calloc(max_possible_bytes, 1); if (oid->p == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; From 1414bc34b9cd91e6ebe4a0161c17ed2d125cf96e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 17:54:21 +0200 Subject: [PATCH 435/483] Minor copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 075b386b10..551e59265c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -308,7 +308,7 @@ Key derivation is more complex than other multipart operations for several reaso #### Key derivation driver dispatch logic -The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. +The core decides whether to dispatch a key derivation operation to a driver based on the location associated with the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: * If the driver for this secure element implements the `"key_derivation"` family for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. @@ -342,7 +342,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. ``` enum psa_crypto_driver_key_derivation_input_type_t { @@ -567,7 +567,7 @@ psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, size_t *shared_secret_key_buffer_length); ``` -Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the parameters for the shared secret are not placed near the beginning, but rather grouped with the other parameters at the end, to avoid confusion with the keys passed as inputs. +Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the attributes for the shared secret are not placed near the beginning, but rather grouped with the other parameters related to the shared secret at the end of the parameter list. This is to avoid potential confusion with the attributes of the private key that is passed as an input. ### Driver entry points for key management @@ -1188,7 +1188,7 @@ Should the core guarantee that the output buffer size has the size indicated by Why is `psa_crypto_driver_key_derivation_get_input_bytes` a copy, rather than giving a pointer? -The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). +The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point returns, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). ### Partial computations in drivers From f96a18edc7b7d1a21bf3c322521d48e3a1a467e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:02:15 +0200 Subject: [PATCH 436/483] Probably resolve concern about the input size for derive_key Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 551e59265c..f04f8e976e 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -510,7 +510,6 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. - TODO: how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? (Note that for some algorithms, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test.) * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. @@ -531,6 +530,8 @@ For standard key types, the `"derive_key"` entry point is called with a certain * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. +See [“Open questions around cooked key derivation”](#open-questions-around-cooked-key-derivation) for some points that may not be fully settled. + #### Key agreement The core always decouples key agreement from symmetric key derivation. @@ -1233,6 +1234,10 @@ An example use case for updating the persistent state at arbitrary times is to r `psa_crypto_driver_get_persistent_state` does not identify the calling driver, so the driver needs to remember which driver it's calling. This may require a thread-local variable in a multithreaded core. Is this ok? +#### Open questions around cooked key derivation + +For the `"derive_key"` entry point, how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? Note that for some key types, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test. However, for all key types except RSA, the specification mandates how the key is derived, which practically dictates how the pseudorandom key stream is consumed. So it's probably ok. + #### Fallback for key derivation in opaque drivers Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so that if `"key_derivation_setup"` returns `PSA_ERROR_NOT_SUPPORTED` then the core exports the key from the secure element instead? From dcaf104eefbcd524410da7b1413a1b8ac8018d26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:02:41 +0200 Subject: [PATCH 437/483] Note that we may want to rename derive_key ... if we think of a better name Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index f04f8e976e..b5e657c627 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -1236,6 +1236,8 @@ An example use case for updating the persistent state at arbitrary times is to r #### Open questions around cooked key derivation +`"derive_key"` is not a clear name. Can we use a better one? + For the `"derive_key"` entry point, how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? Note that for some key types, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test. However, for all key types except RSA, the specification mandates how the key is derived, which practically dictates how the pseudorandom key stream is consumed. So it's probably ok. #### Fallback for key derivation in opaque drivers From 7df8ba6a103bebf747d523ad77440c1c09f5cef0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:16:02 +0200 Subject: [PATCH 438/483] Rework the description of key derivation output/verify key Some of the fallback mechanisms between the entry points were not described corrrectly. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index b5e657c627..c96452e5fc 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -473,11 +473,22 @@ The core calls a key derivation driver's output entry point when the application If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the derivation operation is handled by that secure element, the core performs the following steps: -1. For a call to `psa_key_derivation_output_key()` where the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. -1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. -1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. -1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. -1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. +* For a call to `psa_key_derivation_output_key()`: + + 1. If the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. + 1. If the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. + 1. Otherwise proceed as for `psa_key_derivation_output_bytes()`, then import the resulting key material. + +* For a call to `psa_key_derivation_verify_key()`: + 1. For ``psa_key_derivation_verify_key()` only: if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. + 1. Call the driver's `"export_key"` entry point on the key object that contains the expected value, then proceed as for `psa_key_derivation_verify_bytes()`. + +* For a call to `psa_key_derivation_verify_bytes()`: + 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's , call the `"key_derivation_verify_bytes"` entry point on the expected output, then stop. + 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core.. + +* For a call to `psa_key_derivation_output_bytes()`: + 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the core then calls additional entry points in the same or another driver: From eab9a85f4c716f599b41427fc4244affd65ec1f3 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:58:19 +0200 Subject: [PATCH 439/483] pk_wrap: add support for key pair check for EC opaque keys Signed-off-by: valerio --- library/pk_wrap.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92937c8f3b..9170231d6f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1669,6 +1669,53 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #endif /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */ } +static int pk_opaque_ec_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) +{ + /* The main difference between this function and eckey_check_pair_psa() is + * that in the opaque case the private key is always stored in PSA side no + * matter if MBEDTLS_PK_USE_PSA_EC_DATA is enabled or not. + * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we can simply use the + * eckey_check_pair_psa(). */ + (void) f_rng; + (void) p_rng; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + return eckey_check_pair_psa(pub, prv); +#elif defined(MBEDTLS_ECP_LIGHT) + psa_status_t status; + uint8_t exp_pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; + size_t exp_pub_key_len = 0; + uint8_t pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; + size_t pub_key_len = 0; + int ret; + + status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key), + &exp_pub_key_len); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } + ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp), + &(mbedtls_pk_ec_ro(*pub)->Q), + MBEDTLS_ECP_PF_UNCOMPRESSED, + &pub_key_len, pub_key, sizeof(pub_key)); + if (ret != 0) { + return ret; + } + if ((exp_pub_key_len != pub_key_len) || + memcmp(exp_pub_key, pub_key, exp_pub_key_len)) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + return 0; +#else + (void) pub; + (void) prv; + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +} + const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { MBEDTLS_PK_OPAQUE, "Opaque", @@ -1682,7 +1729,7 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { #endif NULL, /* decrypt - not relevant */ NULL, /* encrypt - not relevant */ - NULL, /* check_pair - could be done later or left NULL */ + pk_opaque_ec_check_pair, NULL, /* alloc - no need to allocate new data dynamically */ NULL, /* free - as for the alloc, there is no data to free */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) From 8cbef4d55ec3394de8cf2620cfdc8f49a9163402 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:59:03 +0200 Subject: [PATCH 440/483] pk: allow key pair checking for opaque keys Signed-off-by: valerio --- library/pk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 8e42b8d4c7..d30205cf78 100644 --- a/library/pk.c +++ b/library/pk.c @@ -825,7 +825,8 @@ int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, return MBEDTLS_ERR_PK_TYPE_MISMATCH; } } else { - if (pub->pk_info != prv->pk_info) { + if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) && + (pub->pk_info != prv->pk_info)) { return MBEDTLS_ERR_PK_TYPE_MISMATCH; } } From 6c666c6c8dcdef068af78ae9708b1a263b3925fe Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:59:42 +0200 Subject: [PATCH 441/483] test: add key pair check verification for opaque EC keys Signed-off-by: valerio --- tests/suites/test_suite_pk.function | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a5b50dec45..65b0c0303f 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -562,6 +562,9 @@ exit: void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) { mbedtls_pk_context pub, prv, alt; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&pub); mbedtls_pk_init(&prv); @@ -575,7 +578,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL, @@ -596,7 +599,20 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) == ret); } #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id, + PSA_ALG_ANY_HASH, + PSA_KEY_USAGE_EXPORT, 0), 0); + TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, + NULL), ret); + } +#endif +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key(opaque_key_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_free(&pub); mbedtls_pk_free(&prv); mbedtls_pk_free(&alt); From ede0c4676e3d94d41c3b82fe730bed0640c904bb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Jun 2023 11:08:28 +0200 Subject: [PATCH 442/483] pk_internal: minor rearrangement in mbedtls_pk_get_group_id() Signed-off-by: Valerio Setti --- library/pk_internal.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 21fb34a8f4..388f94ac80 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -86,11 +86,11 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont mbedtls_ecp_group_id id; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t opaque_key_type; - psa_ecc_family_t curve; - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + psa_ecc_family_t curve; + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { return MBEDTLS_ECP_DP_NONE; } From 21e5939479648453d787badb560f014730e090e6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 5 Jun 2023 17:40:15 +0800 Subject: [PATCH 443/483] Generate PEM pub key directly from DER prv key Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 55d6cd2195..46aa5052da 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1019,8 +1019,8 @@ ec_x25519_prv.pem: ec_x25519_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x25519_prv.pem -ec_x25519_pub.pem: ec_x25519_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin +ec_x25519_pub.pem: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout all_final += ec_x25519_pub.pem ec_x448_prv.der: @@ -1035,8 +1035,8 @@ ec_x448_prv.pem: ec_x448_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x448_prv.pem -ec_x448_pub.pem: ec_x448_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin +ec_x448_pub.pem: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout all_final += ec_x448_pub.pem ################################################################ From 8dd1e623e1774688377c79293086b5bea2bf99f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Jun 2023 14:14:41 +0200 Subject: [PATCH 444/483] Copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c96452e5fc..bbd1f58877 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -480,12 +480,12 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. Otherwise proceed as for `psa_key_derivation_output_bytes()`, then import the resulting key material. * For a call to `psa_key_derivation_verify_key()`: - 1. For ``psa_key_derivation_verify_key()` only: if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. + 1. If the driver has a `"key_derivation_verify_key"` entry point, call it and stop. 1. Call the driver's `"export_key"` entry point on the key object that contains the expected value, then proceed as for `psa_key_derivation_verify_bytes()`. * For a call to `psa_key_derivation_verify_bytes()`: - 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's , call the `"key_derivation_verify_bytes"` entry point on the expected output, then stop. - 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core.. + 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call that entry point on the expected output, then stop. + 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core. * For a call to `psa_key_derivation_output_bytes()`: 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. From f4ba0013e2361088fa42a90719e57d5017495c01 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Jun 2023 14:23:58 +0200 Subject: [PATCH 445/483] Clarify when key derivation entry points are mandatory/permitted Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index bbd1f58877..b6a650888f 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -322,10 +322,10 @@ The core decides whether to dispatch a key derivation operation to a driver base A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). -* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). +* `"key_derivation_input_step"` (mandatory if the driver supports a key derivation algorithm with long inputs, otherwise ignored): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types; ignored for other opaque drivers; not permitted for transparent drivers): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: From 0c0f84e54fb420effd94b7b7447bbc3bb720aca4 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 18:23:59 +0800 Subject: [PATCH 446/483] Update test-ca[1|2].crt[.der] Signed-off-by: Pengyu Lv --- tests/data_files/test-ca.crt | 18 +++++++++--------- tests/data_files/test-ca.req.sha256 | 16 ++++++++++++++++ tests/data_files/test-ca.req_ec.sha256 | 9 +++++++++ tests/data_files/test-ca2.crt | 12 ++++++------ tests/data_files/test-ca2.crt.der | Bin 520 -> 523 bytes tests/data_files/test-ca2.req.sha256 | 9 +++++++++ 6 files changed, 49 insertions(+), 15 deletions(-) create mode 100644 tests/data_files/test-ca.req.sha256 create mode 100644 tests/data_files/test-ca.req_ec.sha256 create mode 100644 tests/data_files/test-ca2.req.sha256 diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt index 31790b5bb4..ef7e4c7294 100644 --- a/tests/data_files/test-ca.crt +++ b/tests/data_files/test-ca.crt @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -9,12 +9,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.req.sha256 b/tests/data_files/test-ca.req.sha256 new file mode 100644 index 0000000000..1114338791 --- /dev/null +++ b/tests/data_files/test-ca.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvFi98a +Hpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+5aYO +s/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+T/tY +JiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5pLK1 +LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnqDG6O +Gxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABoAAwDQYJKoZIhvcNAQELBQAD +ggEBAKI+q840+CyPj6DJDJr9mP/aE8U+VyxbarQuZHxbiyS2HDuNQNFvP2TmCDRx +juERTU8yDOj3F2p7JhFF4QkCP2TP4JFYjLlOE7ISxYegGdJNNO6W00btMHG1s0aW +uPcPIIy9HxGiOFFmjYz7Jo8mcFl+bl4ET7zPoj21R4dOl7E3oYLtEZqTuiWnfW2H ++whurU13PYyog3jvJex99VIL8ZRliUSKgdmQ7A4GMvE6kf6Uk+441ynZ7RQr4jF9 +xsVIrR7cyt/SsVEYF+2SfJi0dO9pf6yV3PdwtpU2URTyZoitlneqEINXKi7Qx6E+ ++f5fAI8FbCJtgKEKf2TfqiH6sCI= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca.req_ec.sha256 b/tests/data_files/test-ca.req_ec.sha256 new file mode 100644 index 0000000000..6d46b2ad84 --- /dev/null +++ b/tests/data_files/test-ca.req_ec.sha256 @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa +BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO +LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg +Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E +8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l +pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt index 7ac79e440f..b974f4c5bc 100644 --- a/tests/data_files/test-ca2.crt +++ b/tests/data_files/test-ca2.crt @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO 4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK -6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/ -MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk -SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a -LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ -hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg== +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der index 2c8e217432a33259f5a5bf666daa4b77de32b0dc..70d6abca4cd491a0123bc09a168fee5e160d810a 100644 GIT binary patch delta 136 zcmV;30C)e01d9X+FoFUHFoFS#u?RN-4O1{tFb@U;RUH!n0soUp0b67-0O>Vn!6IDh z>lJoW1Oxw82G7^fP|m=7(z8{qk5n38{Q&h$45dwk#o%H(s#f|C_5v_p*j25)H=Kgj qVL*z#eT~0Qm)N2rL}u5wOye%5 Date: Wed, 24 May 2023 14:26:53 +0800 Subject: [PATCH 447/483] Update server6.crt Signed-off-by: Pengyu Lv --- tests/data_files/server6.crt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt index 6df6716861..51e4393194 100644 --- a/tests/data_files/server6.crt +++ b/tests/data_files/server6.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- From 465c6eb37140d8b48497462b02819cbb769a7bfe Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 14:31:42 +0800 Subject: [PATCH 448/483] Update test-ca2_cat-*.crt and test-ca_cat*.crt Signed-off-by: Pengyu Lv --- .../test-ca2_cat-future-invalid.crt | 42 ++++++++--------- .../test-ca2_cat-future-present.crt | 46 +++++++++---------- .../data_files/test-ca2_cat-past-invalid.crt | 16 +++---- .../data_files/test-ca2_cat-past-present.crt | 24 +++++----- .../test-ca2_cat-present-future.crt | 46 +++++++++---------- .../data_files/test-ca2_cat-present-past.crt | 24 +++++----- tests/data_files/test-ca_cat12.crt | 42 ++++++++--------- tests/data_files/test-ca_cat21.crt | 42 ++++++++--------- 8 files changed, 135 insertions(+), 147 deletions(-) diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt index b1cfbf0547..833e497faa 100644 --- a/tests/data_files/test-ca2_cat-future-invalid.crt +++ b/tests/data_files/test-ca2_cat-future-invalid.crt @@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt index 776e725cb6..649cca05a6 100644 --- a/tests/data_files/test-ca2_cat-future-present.crt +++ b/tests/data_files/test-ca2_cat-future-present.crt @@ -1,28 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt index febad74081..a0b0a2f868 100644 --- a/tests/data_files/test-ca2_cat-past-invalid.crt +++ b/tests/data_files/test-ca2_cat-past-invalid.crt @@ -13,15 +13,15 @@ l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt index bc1ba9a2ef..24e05c6422 100644 --- a/tests/data_files/test-ca2_cat-past-present.crt +++ b/tests/data_files/test-ca2_cat-past-present.crt @@ -12,17 +12,15 @@ tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt index d62ed09cd4..6539479e63 100644 --- a/tests/data_files/test-ca2_cat-present-future.crt +++ b/tests/data_files/test-ca2_cat-present-future.crt @@ -1,28 +1,26 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt index a321d5dd78..08aeeea120 100644 --- a/tests/data_files/test-ca2_cat-present-past.crt +++ b/tests/data_files/test-ca2_cat-present-past.crt @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt index 8928144637..c54bcc178a 100644 --- a/tests/data_files/test-ca_cat12.crt +++ b/tests/data_files/test-ca_cat12.crt @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -9,27 +9,25 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt index 7234863c71..b090dc6eca 100644 --- a/tests/data_files/test-ca_cat21.crt +++ b/tests/data_files/test-ca_cat21.crt @@ -1,20 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -24,12 +22,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- From 0f5ca2dc8709b979813694e395639d63d417a5c3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 09:24:17 +0800 Subject: [PATCH 449/483] Add rules to generate test-int-ca{2,3}.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 29 ++++++++++++++++++++++++++-- tests/data_files/test-ca.opensslconf | 5 +++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 80da98273c..7e3b3a0219 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -250,10 +250,35 @@ all_final += $(test_ca_crt_cat21) test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ -all_intermediate += test-int-ca.csr + +test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \ + -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@ + +test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \ + -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@ + +all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr + +test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ + +test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ + -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \ + -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +# Note: This requests openssl version >= 3.x.xx +test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \ + -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \ + -sha256 -in test-int-ca3.csr -out $@ + test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ -all_final += test-int-ca-exp.crt + +all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index a642b7379a..ff22cdbb49 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -12,6 +12,11 @@ subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true +[no_subj_auth_id] +subjectKeyIdentifier=none +authorityKeyIdentifier=none +basicConstraints = CA:true + [othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name From 193f414cf8c71689da604b6d59c890a51581b9f2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 09:38:03 +0800 Subject: [PATCH 450/483] Update test-int-ca*.crt Signed-off-by: Pengyu Lv --- tests/data_files/test-int-ca-exp.crt | 14 +++++++------- tests/data_files/test-int-ca.crt | 16 ++++++++-------- tests/data_files/test-int-ca2.crt | 22 +++++++++++----------- tests/data_files/test-int-ca3-badsign.crt | 16 ++++++++-------- tests/data_files/test-int-ca3.crt | 16 ++++++++-------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt index c549654b0f..835c7dbbfc 100644 --- a/tests/data_files/test-int-ca-exp.crt +++ b/tests/data_files/test-int-ca-exp.crt @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR @@ -16,9 +16,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX -Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep -773Ap7Gxpk168id1EFhvW22YabKs +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR +07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf +z0BtLCVhFwQlrzCqgXC98SGfT6sZ -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt index cbe99e0a62..8b2846d3b4 100644 --- a/tests/data_files/test-int-ca.crt +++ b/tests/data_files/test-int-ca.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -16,9 +16,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt index 9ce44c2310..80f39b9cf7 100644 --- a/tests/data_files/test-int-ca2.crt +++ b/tests/data_files/test-int-ca2.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt index 2087056e8e..8c363152b1 100644 --- a/tests/data_files/test-int-ca3-badsign.crt +++ b/tests/data_files/test-int-ca3-badsign.crt @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWf0= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg10== -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca3.crt b/tests/data_files/test-int-ca3.crt index 7e724b241d..3aa64b137d 100644 --- a/tests/data_files/test-int-ca3.crt +++ b/tests/data_files/test-int-ca3.crt @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- From 0a7108f32dc9f75ab345999721b37de188500278 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:04:05 +0800 Subject: [PATCH 451/483] Extend the validity period of pkcs7-rsa-sha*.crt to 10 years Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7e3b3a0219..936ef13d06 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1569,17 +1569,17 @@ all_final += pkcs7_data_1.bin # Generate signing cert pkcs7-rsa-sha256-1.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem all_final += pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-2.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem all_final += pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-3.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem all_final += pkcs7-rsa-sha256-3.crt From cd378f2ffec7754351e2fdeea209fe92dc18abbd Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:08:21 +0800 Subject: [PATCH 452/483] Update pkcs7 files Signed-off-by: Pengyu Lv --- tests/data_files/pkcs7-rsa-sha256-1.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-1.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-1.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-1.pem | 84 +++++++++--------- tests/data_files/pkcs7-rsa-sha256-2.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-2.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-2.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-2.pem | 84 +++++++++--------- tests/data_files/pkcs7-rsa-sha256-3.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-3.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-3.pem | 84 +++++++++--------- tests/data_files/pkcs7_data_3_signed.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_cert_encrypted.der | Bin 452 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 1276 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 1265 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 2504 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 810 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner1_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_fuzzbad.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_fuzzbad.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_with_signature.der | Bin 446 -> 446 bytes .../pkcs7_data_without_cert_signed.der | Bin 435 -> 435 bytes ...o_1_serial_invalid_tag_after_long_name.der | Bin 810 -> 810 bytes .../pkcs7_signerInfo_2_invalid_tag.der | Bin 1185 -> 1185 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 1284 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_zerolendata_detached.der | Bin 435 -> 435 bytes 35 files changed, 252 insertions(+), 252 deletions(-) diff --git a/tests/data_files/pkcs7-rsa-sha256-1.crt b/tests/data_files/pkcs7-rsa-sha256-1.crt index 9e461cd0c6..fe282ab836 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.crt +++ b/tests/data_files/pkcs7-rsa-sha256-1.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N -Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 -3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j -9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra -xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 -y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC -AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY -MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 -wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 -1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 -1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 -SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H -EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl +iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8 +EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2 +QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in +8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l +WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC +AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY +MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH +OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl +FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH +wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS +Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4 +qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.der b/tests/data_files/pkcs7-rsa-sha256-1.der index 0d799ea335a51b79ecc1f0b50037469ab0b69ade..ed29e40933e1c2bd9ed4041fc3b8b2269eb208c4 100644 GIT binary patch delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<5xV$Bk*6;7~&W|@h~^oH9?%2(r&BT5=G zFf}kZF)%SXF)>;f4Kp(^H840aFflnXF_DK@f109I&1TcA7@VsisdT6~Q00hKx)=S( z{`F=LujI)&tY?k6wjiRqd6GwJ{74UUMp}fq9Bipb<}zCp-$=r)DPQD40b`ob0%AmJPh5vK*a@; zf88vJqbIl`cUb!=Bv~Fcahy}nKXV0+Y^yJ+P>_;ulPCfu zf0Da~<4H&4<&ls_h$~yrqaT(r(OCO{FQ?YhVXp)?naLE#J29QA2h~sPSZJm$*G?a0Wmu$iLfBwK4hrr*m;-L$6uYeE|vYE6jBLjiAbsc$C zFa#LwsFlUEME%Mdq^VqIZ}_x~df|^Kl0)`BPun-=;5uGXI-MwqEIdqp0#ylSwmQ*> z|Mq~FIdJ=@M~Wg=-O C-!cmT delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<6!-rdqfOwrB$TtTQ1EQz<@E^NP%BT5=F zF)%VXF*Y$UH8xro4Kgz^FfuqXHZd?YHj#%|f5^7aX^EWC@awe7WLyR34h=5;-OORo ziOba$qnb5&xg$fi9>-7y547z!hhs884nkiYH*9`&!k04??ex1a$oSm@x%~f?S|nXb z6MEL>09MMul~Sl>)ggx%e857<#GXDnoEN1uv{TKiz{?RkPh<777fYV$kSiGw(G-@V ze|e`vCaurz5Wm^y>#w^vd+D}0Sr%Or-B(c;9IdT99Xi^^i^u^TVYN*50eHSPgPMt~ zk*h(TJfnSUsDaW|7{uFXyr%caHUjpUsB0Jd9(Oy-=S#UdNwQI{hC+*1K;edqvDW&z z;)fFHj>8$PkIGGR0SrqC#JB`lmL7cYOM_Da0|5X5qf;(a1+tfGFt%}}eU-MIE>H0vSVqNwvbSRNFF zReH)BlIx2G2qA*mTQufl))f8&+jb=CI_xV5g}U-btFjb*PMLzZmREWU4l ztoYjCRo#Ljv1w%?azBA2QFvKgm|E!<{YyERcRm`Ix4jSuR7UhAo6HHMRFaZ{!MK}o z?O1wuUJ5-$HZ&ha+UaTN2FY*l#}H?CYy!F>5-X9Ju}lmoz(j{okZ`$wJ<`_M0&;Vx C%{4m! diff --git a/tests/data_files/pkcs7-rsa-sha256-1.key b/tests/data_files/pkcs7-rsa-sha256-1.key index e31159d561..c6367fb29c 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.key +++ b/tests/data_files/pkcs7-rsa-sha256-1.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.pem b/tests/data_files/pkcs7-rsa-sha256-1.pem index 3795b71887..deee4b2e6c 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.pem +++ b/tests/data_files/pkcs7-rsa-sha256-1.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N -Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 -3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j -9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra -xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 -y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC -AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY -MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 -wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 -1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 -1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 -SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H -EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl +iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8 +EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2 +QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in +8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l +WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC +AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY +MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH +OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl +FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH +wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS +Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4 +qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.crt b/tests/data_files/pkcs7-rsa-sha256-2.crt index a0df7d93db..2f0becb5c5 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.crt +++ b/tests/data_files/pkcs7-rsa-sha256-2.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.der b/tests/data_files/pkcs7-rsa-sha256-2.der index fc7a3eabf7b575630dd1a9d74ad17c128a902cbb..a101435991459604a11220538ecee2b8b248c221 100644 GIT binary patch delta 668 zcmX@hc9u=qpo!Vjpoz(F0W%XL6O)K8$D$+7EPsvXe$cru##JvbI>E|rqOzBiv4N?9 zg`t6=rJ-SzIIl4hcVc@){k7FO>O0Jwq$?y22rOMECt%&W=F4Y~O&{)t=id4fyKd=} zN2i(&Ts4<8j(*zi#^jsA?fbDp_)Yh0rJXOnYsj#ybIcF4_#?e`>CX>Omvpw~u2Vj` z^!*>FeVs>m?>=T_Wq5da&+&?Rzqihjn6Pc8>(fT>&feSC-~TFnVxp(cv&Fr%K5x1c zpNI74*eKh8CpRW#2`Hy;3p}9ma;f=QrmhcWKg%)$3;5TBsQvAacA2Sqfyq|9w)%_L zip7Waoe6BH-RoU;uze$U*%z;FEwdHYhCNjkrkt5q^X(b0Jq%HND*e|tO#7=;%(Xf5 zo2>JvRq5IKZ*qB58}e3Z?PiH5o6OcQX?i<(GchwVFfI-@2sDsoV-A(&V-aH!d1ag+ zUcFpEZDXjeI?IH;g1vhd?=_GINh`BR7>G4sRWMnDNwt1vpTXY;VT-@~`WRn`p9`k1(lnM_&)G{uK8UvQQ1q%$k4#Z z!qCjnz|<^CoY%-0!JXJ1QGar(>9mr6%Y}c*KMlFOui@X$DK5c&&jYT{sBtuUoUx+t zsmf%%>M1R@%DP+X=JE3zE%*HR_(_UK>F=G3z8w6lU?)-B_gMb0o$C3MB~rf%HExUE z-R@8*6lByjGuES5@y?5#(MR7`-L_K@EK^otR;k<9*c>shVC{ivg&YrJ88@=mA9{L& z;UT-+txo+y>xD_&$G2>&3%DnfJ(ugSm&NXh5oPhV8U`(ojWa(Sn{^~%&wX*82mIly z3_qoB+ji&!lV4=FbJl+0C%*rW92b09k^E-;=TznXq*p848ZIx-_q^O+x^VM1Q^~AX zjfc0~*^xN)+^#q29`+kbPtD^GUN(IpWBhUNHB*_G85tNC2O9($$g(kq%JQ*@v554! zhV72mXTI*@5_2;2*9y`6y7oK+d62X+i-dt#16Bo-HJDWEm!w|i5EOhjkMVY=XI%W| zhccJWuG*aG?zFo8!o(KEZH{a=rB;Wse^KHwV6W2LtI|GksjBUoHvS`wtt+}N8_c^Y z=i2ggex}(Ux#ZpQQ=a^&kXP83dADs)rdar(OAN_czfyN?u*XLhZlJUIu%w zM;tEc!Q6SGj1dZ#o$3qsm^dDNwZ{4K)AIJ&&8_*X4yn)8O4Cp`tj%$4nQ6}~FRlGM z^iSq%I~|>Ud$#u9ym|83C1oX(>;IY$Oxczun7(1-CYwS(hTz;q87E5l7StzwJ+xM< zBe|>p(_UpmU#ep`eve*dYMG=kecuWIcTFeT diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key index 659c015666..fe78b1130a 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.key +++ b/tests/data_files/pkcs7-rsa-sha256-2.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem index b11a00a199..71004b5f83 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.pem +++ b/tests/data_files/pkcs7-rsa-sha256-2.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.crt b/tests/data_files/pkcs7-rsa-sha256-3.crt index 5f22ce2f5f..03ce5b35df 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.crt +++ b/tests/data_files/pkcs7-rsa-sha256-3.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.key b/tests/data_files/pkcs7-rsa-sha256-3.key index 3cdc717b03..17c4eedb18 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.key +++ b/tests/data_files/pkcs7-rsa-sha256-3.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.pem b/tests/data_files/pkcs7-rsa-sha256-3.pem index ee99782c3b..0dc2fe985a 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.pem +++ b/tests/data_files/pkcs7-rsa-sha256-3.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7_data_3_signed.der b/tests/data_files/pkcs7_data_3_signed.der index 92c0710753352dfdd3d21367b766da5eab62b1b0..23181ae82040668f6700a8710c452620a47a3702 100644 GIT binary patch delta 867 zcmV-p1DyP!384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$isYtBV6 tE=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$5rRq1pfd delta 867 zcmV-p1DyP!384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt{SuXa zT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$MCdqx z#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo60~d< zk{~CIcNe#cJVn+yS`!M3ScDwBDGpD8edDD57VOY>$}^y*KTJlCU<&LNQUo z01~dhs%S8+-dW-5VjPtchT?z4Z;Y!*huoU#cgs|pAtx7UR?VygJ{KmJ>^A%i(Xj6y zoOHujcCC@$=i{lZMv9D{adx+kk27bexLSO)mQM6GfKZSnd4I2xVeSPqu(j9^4t6>a z?SG++AHzeoBt^h3FtoIpM1^(~HCa||;yIXhz<@<2qFU|U&(*5I<-r(_(l-gSP0q+E zPw)|XPZIwqK8)f4PIudYkOEom5P+X%1>td24E#)}Tbf#U0Z7c3C{54q@rf;k<#r71 zr5T@ymGeI6*Jr&LNQUo z02|E?%VZ8~v|qeCiAtktbZk}c;3S$mcAxPLg`4XgR55*-lUGBoLvLzrMVC3$L?D_m z7SvVux-a@^!)qyZuS-crr7VqJeUl8=F@yW0{s9TnBHvz8}N>$yH4()!`6Mc8furBe% zhM#AKt6>o8cFdE3Edq>t#zhPiQEFdMr2U*UVXUzKoi3WmUd-MGFIblx zK^J=@Lx^J9WM}?bDYijRe8cy@LQ7h51>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6--WGQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9Bli+{)~VH8D=U$1GQG8KhRt zXR4yGr$yx4G^tzx%R6s*5_kVe?%=<^caWktr(Tp-9J2T);}oxzL()@T|wZr=bKkdFP6%Xs(UH7KH|bU zx2B~B1m60`N}tt=TdM4`#Y;_n#`CK7sln&39q`dvwQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_u3vZ`Y#hGqoiE~{)3pk&)u@x`|Pi_7D^PzCP+4=kwQJWy&@D44xERP9Bo$epDHdy79=7Q*ZE7|gA+>QKy`i}0&Cn8%4 NxR?{3W-wJg0s!5)!5shq diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der index 8dc2f4c9cd40932dc37fe681b2419775252db316..cc48123d45d7437b843d625389a2af434cf90401 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der index a4aa5875876de0170637190fe7e71da8bbd73ee6..75bdf0fa6badc3f9314d8b7e2f2f97859734ca00 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;n-F ztQMH^sJSux_=PpqJ5SUdYxg+oyJO#pZ3c{zGvXhp&#Ye`6T%YiQIj3?+kfUh=bsjC ze;)EM&l28qG*5E#wL;}HleVgE{#+BJCG<${k(#Ah`(|hH4(Sa7-YX(b?c8{TyDQfwro|UKQ=L8b-_iNE ze=fMD%lX3p)s1T2nP*F8xX#IA-*{oajY7n;)UEv!|8ViNWP45j`Dgn5G$qT*y*DHy z-V5ro_?+vQ%=vi7#Do9qzuZ~BDf{?u>90rbf3h}>NDDV_IQwPG#MalI+mlP#VkWLW QkT-krlajN}Og9$-03&t6b^rhX delta 947 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlXg z^G=tw&I&q$^}o!1%5J;0qFi{n=f}*`S2xct{L2$CRZ6d}h(|s0?rIw^$>R4bZ&muS zB3#k|Dwd<(uk}T154YH9I`br-@U+XDRg}*f)_?B# zuB`$rEtUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der index cb7d75103daf5ed7cbaf0e2201458ca7c1fad8cf..cb97b9b6f763abacc3dd02e8d6c76d977632f7b8 100644 GIT binary patch delta 943 zcmey!`H^#ig@|&}S)sL}ejA$8W_F(X(stYHRQThGK3-DB2BroUh6aX~hK5n%yv9h} zi5nv7XDtdnn|67P#GKWND@#^b1U&5s-6j6_#J{g;{Og~bv|N+kyK|euqFt4f+_Rpl zp8J1u>1>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6-*9fQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9BliT*mB*H8D;;&#Y8Gp>&tW z!oLsYnw2~EzFWtc(tTXy#0eecOHM@v&t{A3KM`9S9TY7rDz0g!kz`f>?s58Do*idB z1#^RHIC?Z{a(}V1+p@cMDwUO;|GoIB>l~RnTj4#Lv5E&D-;Zqd-0*(JjYIX*{H!$A zdP(*DieIwqCCBv{6?e9pl*)Ya2#h@xT3^nTziaaTy!Edhh&{RA#t`45{`}0bDE70R zi4%|2wpcAaz5pP1I1;iB`guUuNZ(b2>-;jUykbHVe{*-&utLu&g zHOB<+^!hAhr?*nGNH<_%*nU4RwK~<88l@lFHWW?l-8<`2s>*k^jLkl2SDpzt=(&CE K-PXkP^)LXJcDc;} delta 943 zcmey!`H^#ig-G?iyO&&iE}s1tQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_mF>basWgNK3m>(BbQ>zB@$hv^k_K#NKkSoC=t^F8<96 z+ZY}5=8ZGDz1{9ic^cZjko}dY+kT}>U7Ypxsag(ccQjMgCSFK}H^smz)5r|NaSr;FjtdAAH^^7)4sC+l5`_{UV1ZaVW;{yEdLYs=LZ z>}K*=J2SiE!RZ;TKCffA^NxGm{CO@b=Zbl2_nI9diCyaYpO=Updr)t?VMcrT-#0B$ M)A!d3FzH?Z0FZ;e(EtDd diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der index 4a237e9d145e0f4afedd8c3bcffb3bf146f96c4a..63d7194c780f077116a277f4c268f20744f81d00 100644 GIT binary patch delta 1910 zcmaKscQhM{0>&$1tAqr(C_)jfkz53^S8cVqRMD1Hi?mg-#R_6I#H~wlOQNVfTWZCw zQ;Hf@RWr3p&8k)Jz5CaD=Q!`r?|k21-}!xCKcpW*Hit^y8sw|sx2lfy&L$1)#ZQ|J zI4!2Tn+Yi)Rgh{ZBuX8HauK|!^k0$!2BOmsB?vi%4ujqw%3-->@Y2U6YSxTIhi1Xk z{$KmvpsJ;}>gCwfrbh9?=8z2Idkm?ev#FwI77?H?>p^(gh`c? z5N6~^RGHTjLC(jrm;Vq|d6;XrT zwRvh{$@Oj&28T)>`{C7f{O-{)MRa4w9Pt*w%yfZ?YKOEzUSef-xWoe#078Y|2YeO4 zK{j*(SkipU6icni891cae{4x03@H$GZh%t5B1On}6TfI`yu?T+8z)|M9j1ysMU6Ng zM=2IhjCxi9RkPnh`!rB_FWHxGtHH2&Cp7;L)%22_dUB^VBs?mq=IoM+ELNLZD1L;F zm<*3;-_U3&g5m~RLzLUevvqOTY=_1?r|R8z zhQSZ*>(i>sbC{d9m^=hYPSYY1;K1SCh#5&d`w^9;{@}RSI7!06o_E!&q23d%R${f3 z23ZdrbH{HTm`#x}0Mv74022TJm1i&PHUOR~W&h~;~`Cbe5LPJW;E+$xJQ z7Y1TF##Mh)a%Ci316bbSvfK`ad`o^N(X?`a5CK-|;cV1Sge!^;w-_`M(XUdnr|A2M zejBO#;>;oo%Z2%_mcHQp$Qdp z5%wDr6?L$sT68%;)?DBGJT}*qJOsmv!O}Gj@-jejD{pEGwe^44JTLGMo7ri|(>X`# z-mmR@S|23gmDkfg|Ng=ECpJ0xg^SKy6+l0qau^`?evM#_5zi7=z(zt04zRE;EwBw! z3~q=qYMhmZ{^_z(ISNcbm5f{vJH&JDJ?3<@6k;s%YYb<1`Q*KUaGV{T3d66BJbp?0 zR56WsW6K7rZEpLxRxn5+%-!-Wb4uSZ&}6!sR9z50FA|$Ik>N4tg{l-5Dj}^C4U`>J z-D$7fZ%Jc{9iTX#;TdPWx7 zGIO-!YiKKOW!(9!j*@0NR5((Efo^ z+|Q&avPlrgfz2ibr}Lt*lBCwnN{&0pebD}XImuD|M-RR}6I5IhsBpD)h42f?q7k<+ zgv~{49{1}(Q(iyYaP|~LxZe>An--f9Ndk|5e@tZ<<%&dVL0V+p;Pl1WKZvH)-~am9 zNqB07K~$Itr5(A`UaYcD{uTVWK{-%l$Hd01(}55Kz%^6a{j1jI1eRvwFSw`3EWhh@ zVH+fQruRm~VTw8~P6m&2Zx-7t+z)g9W-kmD6xW5A5q9fJ>~x}VgPmg7I9%qJtgy&# z+t?d+O=i1%+6twzkL0Zj9NVqTq$8zP5rJFr)sNCsTXROeE+4Sot+VhR`wG@oxVE3# z7z5bv`gcWo=MMLue%QzzY0{dG>+rLCwl~ui(}=4xg{f_3@cyewm_8eIxCK}2XH$`J zRSzzs*h4_)c(i7lw2t)c;Keu=N~vxTw;s>>cCTtfau~&TKOtT-Tl~{_B8>+k>i}a8 zscj$2e}06MAN7~pCYY!k;Co&)uErn4{Hf=0=Ce*Vs)y1E*jYoU)A+LKc=P{x1j8Sg|SjW&o_^T;o&*+y*r%wCHE6w zjk-(4;)_NQobe>j*F8BI^3~e&bP+CC62Voz%0?JW<_-=hU;Cig(IL NM1xXe+5k5U{sojEY|H=v delta 1910 zcmaKscQhM{0>&j#t7?Xz6}1&5NeQhzFM?81yLKaJNnLxyPSM&c+@>{Jxwg`fQo9lq zEyXpWT3lPBbfLWW?mzFmbDa0*cfRkh@BF@xE=U*5MuDRj7~{s4??#SY4aj`TX{{er z0=shDEyNIT7(x?{gu~R4&X9A6EB}>we5}ZvpHg@_Wel74$2;a`%aD)jnN^;1D#wgB zo^R8JCxt3X)FY|VMieN`hK;vnTZ7<@(C0C97uN`k3+*ks0^Z(lhtYp9K-8m?0%sXF zbHS*ozgcb$^%UG7`%X#{L}I!P2m497*ZzP!Rco;usp%f(*ShZgwHbmUt!FEV^1TBW zmg6Id*YWH-9SQtKBnLnaq2XG?t0?L<^XInpsfHO2`X5s>nx+n@ zp9li$nSG*lSwmJK0B#g#e;cb~AvA`GO0olj04#tCJD4p@oDGB)=V29Q1*h+<m0eBS4&qg z*1EdUb?~@yec4{i^r#Q2c(}WOUTf`TU(UIAhmCqqPbmDEX%-vY{7$ zgkLIH2%Y@S-S(n>(funs$3x!+s8M0yd*#j`eC?0fMKmK(stM~Wc~37v#x}yqwb*$b z@(XpfI9yk(sPz>ehrQ{(Z0Q@$O8ea0#GbZN+_qy>_$@9S6Qr7i$?Q6IjcqXKGmQ@u z9teCXC7_f;Y_jB5=r$(UWCv66I^$C_viCw@i6C=WA`t!r1Oxzq;G0%xec1*l5+XSA z`8^)yxxJXfm>hTGJSK?k|KsV1A1qKW{QbB}@IYe4exft}n3`{FXT54OT^wV8Sn?y| zR%G&2qVtn=q%XI`k$8C#Rpz@(%RXkIht%@@p1q5@A|aVe5`DU|V}rko9pDt^gcz;* zIDs38bfTNtL&^Cys>|!oQFFQ%`NO1TKr(Ti2}zEm;JWTY9LJ&?potydyYd&yM|S9J znkr7K%PjJbe7i!*))ElD#&~yE3~Zno4Tm~MnYf9e4A&%=*umP znOI6_NYs*WC%G=Wp!#(dHVq= z*D0iDjf#2Pn9CY_@j=6uv*y{pE>rmXMdxlsnOW z#iD2NiNhFUclNFj!13aQAs*MEX7GBW)@WiSoKTvS5>(wQ|48w+f;>Dn&?K3t2a-6i zbcjB}Zt5y4cXqtUnwc5=dt6#dZTdK=JD+l!AJf?MTpMT2Vt1$9j~>eN1n>2=w@&fC zcY4;BSJH4RuI%Q$+nw=rMF=c!1x7r3tJ3DqLy*4%NW%Kl23Aqchwb|dcp`8o&z3_M z0tcS@nR%-0Qh1lGziFiL&_Bq2)7iojR-mh(_x*~D4O<5HW7I2$yoK2jGh z_oN+YSw{@Gzc^f+V!7#h_AbqA=I5w?;CqdfjM_G^XS%%VUZv2$B3`Glm=OMJE7`fI zE0zy<`R%_eGB|a(|MbJ^Q9SRiL|p1nnew@e=kokq)8nd1^S;vYW@iUka^1p(LEdnZ zGmu%n#7sr_>CBZycgbB&q;wu=S%c#>{2$=8W8)Mtk?p&QUezhFYrR|ol=9I`D?FTW zUeqpk%rm87RIOprvG7bZa=i&h8Hk(iRS4`N>-{Lh&^mCO`1;l9kJ+UY$%jXtd6`E~ zFQnzs#G4@@yuz!iVX0Bezg~My?Yga`tWvG_3o9_*nDXK3RtnN5gC*?cjO!f$68g<2>>dzYQ=5t7!0rt#!NSgDRM+I@4Kd15XLAEtm4+PJVlksJ}mzNsFr+5 diff --git a/tests/data_files/pkcs7_data_multiple_signed.der b/tests/data_files/pkcs7_data_multiple_signed.der index 095b80ce1b2b43bc24694807b247e96fca78f576..cc441fb7ce1cbf5f4eab2bc127d04a48b7144f66 100644 GIT binary patch delta 578 zcmV-I0=@mJ2C4>-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P0EoOF4*&oF diff --git a/tests/data_files/pkcs7_data_signed_badcert.der b/tests/data_files/pkcs7_data_signed_badcert.der index ed00f65fa3e418f7d03b508ed2b54004d92506fd..c74d69dc0d5b9c2ff3a3c45e86a0f96fadcc4a60 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-Qdo8pyIShsyG?h_Q%BpD%tUmM{F)zL>Qy zXSM#yfC-cG4dg-6$}AEFVhvaoOip1^t)H~J?Xjo(lcy6WxOZqrUsxg#&2tY*a3|&XHRkYlJkEZXJGcM8$&|tg z({m2~tp9gFs{O$IO^+6Gm#uFQ5ZW|zi;gmLdb}dr@uT|OlM8=2PDJH09p|6i$?S?XK~8?etW-at zbeG4%zYpb_l{@#oTgREweO%;XRtMiU%Lxk8Jha@P5XPL-o`A ztTfhoN%j4TU$X2a$MqQ%cea|8%6#$&j6D=uU(S@jYx4fQ^{*a?J-Oe;5Z|Nz{LHZ^ z_OqRd6OYxlSS>xkd%fZ+&%5OzdfC+xZ$hL6#1$Nbz3M-2UJ-2Hkbm}&e0od%lzY>w z>y899#{}>6`YdFpw^Fl6H(+7dem^g@I@OmNr61Zh6iw{iJL^)a%6GPm%|2;Yo(VYU Nxqa>3*2MJnFaQ>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4Hg>6vN4Cs^0A1qh;+SsI;G}VP3%?C z<#}3lXAR#4{XJnI50X}9kuVTzz^Y(!3X^JmlWg{kv#zzTFKuXCv#4(0S^vpvPH4DT zTfW-=YyOg#PeQES{v4Lmj`k3*WWKj-+N>js&ZHKkGEexpq1SoIp`WG4-*$gC%_)+w zU=nhb>KDA{7HYHSTC`Kh-5uXDOkOMAU9{q}b%dNqOK8<8=_&6z4ex$TFyFphTv&0X zq}lpI^?&LgPrX-q^*hgwt?M4de`V+BOL{)hlm#wRriM;Er zmzgivPUgQqE|6ZH!?a6DNPFVUjXpdY2VB|%CKT+fx4m@jCR0)IUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der index da7f3a9910f62aa76ba08523e29d6db28c46cacf..dbe9320f8e8d9d2a62324210fe4bd6a6e5635f87 100644 GIT binary patch delta 871 zcmV-t1DO1w384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3u1qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5C$#KFoFSckw7{ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<mmPYQeKfSj)m#nqK&>vA;>F=I>%8tAxsN{+({hO zH((1zgZTo&)qy;|CO;-)c;kcxlc_*=3_%X-@y0i`i+hu7^@oN$nIPKLh@=h^DODH) zd9uIMo}l_~Ez)i*@qb7)_jbjmw&{lVf|WsF|7q)xMYI&be`nuB6j#;OaV0>IDt`%! z7@mAEskK4vq=m`){@)Mouma*LZJmZ&6V-I1jYqsOR0N`fC3m3i`p_YKn&HOs3ZAHI zh_}*TC4+XQ(I^UriD9_KnvyNBKHGp0$f9pJU$mQ0u)bMX`}|wryj2@wR1-w`Qf;)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq={)(au delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGld}Oq6jn`DKqaqPo-%NG zvT_da4fA~ae36kNe*|Ed++Qo1RBd1 zB;+aZhB9b9+o5~ECM|-tzWO^(6o5BsjDI|Rekx~qyYYfzs)c>%!U__$qRx&@e=*$~ z8B>zaVTG^GG_T-TmIZq@>9KLP#(vkrC~Uu|Klq_%$GmX~f3D}(;gFltg!}wqlaBnQ z9Ep?19kUm64;JU=c7}T7{l#L|@m=MG=ebVwmZN85XQIohx3)H9ivV`I)y?tXmq6@l zMH~N9PWmBGpF5{}fdRQ5r{!JS{uBXGaA()B8Y&2R@Q7TAN{7$3j7@&%kYGrGuDN_7 z(epR&l0E}k0%QP@JU$mQ0u*9La+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@myUp%v=qT--$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@hLyKs>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3U@qW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=W=`ym1Mx=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}3|LJ_A~00FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$1;5qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l@T05F09a*;qf7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq=APS*` delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0Fx>MK@?&~a+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IF4PC$Th$22jqW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&zyMp@IPbZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<=z#z2t@Qu^ diff --git a/tests/data_files/pkcs7_data_with_signature.der b/tests/data_files/pkcs7_data_with_signature.der index cb9d1267fb31d7633f5ef781447f8c82b8a8f118..b98cab6bcf88f31d57443e44f09e3d28909f609f 100644 GIT binary patch delta 289 zcmV++0p9+;1HJ>0h!i7Y%@VB@POyV!nTg8uhTBTYSL2bKB7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-0h!lI?-O@x%(aru`L8uTciMQV_Y`>A5B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGzD$e9 diff --git a/tests/data_files/pkcs7_data_without_cert_signed.der b/tests/data_files/pkcs7_data_without_cert_signed.der index b47fe927e5b427158e0d5f27002e6e1ca885dd63..390361fe10665e488087977e2a247e49ffe59448 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGjv-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZGNBY!O;tc8uUVcl zaCx$F4)6{0eEWQnks^NtV3^!rE1BcGF4kl%e+psmtHE42$73_R%Ogdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P068xot^fc4 diff --git a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der index 3a4287426c1758419224ca36729255bee68c32c5..4f059c270531c0ecb55e435645aa1dd6e7ad3cfd 100644 GIT binary patch delta 868 zcmV-q1DpJz384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@L!ps9Jr^?q6i-`eqz2HZ9SosqP_Jn2y#;`e9?8R z3QrM0rU~^b>G>XM`1RI;c$jrNBhMc3h&! zHHiOb+!SQgnU)LmQ;$I5f5*WBTb%lOPJY?s907!sBC&gB^O9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l)Q0HKjRJr^?q6k<;EE|~yQwH&YqJHpTYr=Y&P3=q zfX5j`Msn<#bZe)K#J%KoF`WUu=X^=kjTY0g=^QR$=rBB^*X^Tuf7r8Jrz^2b6{1U4 zyKvkSNJV9Ufe`;)wTxExf1pEF2jjz1`}Flu2J)B>)6GITeZO%x?tdOK&48n~s}i(q z7Lp(*jdvHfiabTuIa(76i&%slyeSS(fqmno{ub=ecgi!MswLtz%ztK8s0*mB?1zwB uvZqv8x4gxnGxC`lp~fRxHaEPxb51Ir3u0Kdi>0_cDRIjwU5 diff --git a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der index 898ca6777a799d3b720622dd95bc7949d2107fde..cd77545f34528bbf6d5331af2285fcfe27a3238b 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der index f4b4e384dbfc145a6c0382f71b51c8718701eb1c..5efa3a94f44735a620afbff95d1c6aad243e68ac 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_zerolendata_detached.der b/tests/data_files/pkcs7_zerolendata_detached.der index 2a389ab484991c53322dc87f998c23666c7f40d8..5f9b62eda71afa772b6a95266d9d7038ac66b3e7 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7bH7o!4`gS5K5wuvUbq zF6!DvsX?v9BQ{clJ}Of1VfI8P1MY+-XR?ZMi)PL5EgtEaWk4=?8bTI|{8_WJNePAF zfF?A$fI?WOEbig*yoOaV;?qZ%sw%W9CW6vHrWL4sua6xd3MA3%kEP8FL>!|E$Ojz% zh=m;deMcsh{eL5+tx!DHEVJ;9r+o8FB|V`GL^A~;LPFp`XR#T;%m4AdZd9>-%^O=L z>FhlpOpaWkZz7#@IOt0m)Q_Mncf2;bQQ^@A#QmlIH!zM(UG7n!ka3vy(v*MLkGqr~ nWsJXHBL@jkqq?a|9_B7a;7I2$7i!rx~y+-FH_ zOIzeiTb}iR70w~%C`}qJ!v*PGa|D*Lnu{c$Kkt=jl8wZnndbc1Y(FsLCDC*RoXeAH z4W$dWC0w^ShWUUGu+x2i1=JP-?3>cIY!@Z6f??Gcjwu~^vFQbs@wI!EBN%LE=BvVl z=$nT5>g`n;^M9wimT7SWc68Oqv?n?s4au4F*A_#oPF4(DNp`YDQ0L^0`wAhxd(Pt# zsN~Y+F|5pzKcl;u>E}Obtp}zKjl^)IPPdofS_K^`4ux|pr6h6(B`px5r68 Date: Thu, 25 May 2023 10:21:41 +0800 Subject: [PATCH 453/483] Update server7*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server7-badsign.crt | 52 +++++++------- tests/data_files/server7-expired.crt | 48 ++++++------- tests/data_files/server7-future.crt | 48 ++++++------- tests/data_files/server7.crt | 36 +++++----- tests/data_files/server7_int-ca-exp.crt | 50 ++++++------- tests/data_files/server7_int-ca.crt | 52 +++++++------- tests/data_files/server7_int-ca_ca2.crt | 76 ++++++++++---------- tests/data_files/server7_spurious_int-ca.crt | 74 +++++++++---------- 8 files changed, 217 insertions(+), 219 deletions(-) diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt index 954b53a5b5..e0d18b0a89 100644 --- a/tests/data_files/server7-badsign.crt +++ b/tests/data_files/server7-badsign.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK0 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt index a25ce4b07f..9c423c9618 100644 --- a/tests/data_files/server7-expired.crt +++ b/tests/data_files/server7-expired.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDUxNjA3MTAzN1oXDTIzMDUxNzA3MTAzN1owNDELMAkG A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr -d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv -bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC -MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j -fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb -/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY -zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK -s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs -FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq -1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX -TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5 -zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h -CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU -yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb -B8PmaiMB +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAHX0pu54c8rk2F76lxnMKuS+C3Kiwab0KxII +ZkpAgpk5sj2KxiGrNLDhK0ZGjVlVuUjauySVuBUfrr8GfjQ1xE7RUrxwBrEU5fVs +FHKscBF58AaIXIPf5xIuCdc2C487Leuu+LIbGsg9EvKq/pg7avIB9hSjvwn5W3m3 +3o8eL/ahD4t5rh8r7hKptY+7dqeraBrmCnitxsRQToMV+jy2RCGD3vYUDxyJc3x+ +m3o7nWGreyLCqPCRgeEh9RKbbhygcoBtdjojZABZmlGa9BO72hK5lhy2a1QiIOiL +OoBgDFf8gVo81MX02RtSQISZLq/hJ8smtil8oaKgJ+VyGjfCR1uZY7RpaEfP4U+R +tX8gqt/4TJ4mIJOv4xL12XsV65rZuB7+yhZ6rqWRlZx9Aa4/GqxIbALrQPs17uRX +41TPIdz3Pjq3w3x3bdGxbyF0TvJRaeobB60KHlrm6DWltY7k2Ucju9oTko6bJLgp +rCRC1JkTXzWS3jZDqULTVPxDsZjVRqwEl46PPe0gSloB+h/ulq8rNIG1snWTGdNQ +Bovbko9lFHA8md8f7ZULQ6pB8SV/LH2qufSsWb5LY9ZfHUprwH2oBQ+A9eYkk5ZR +LJC879ZC8w8LMQfBGT22fLnOJ2qS6GyguB+y17beF8RMgFpiFTzoD1nPQAd9cyGY +b2ta+9o9 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt index eeb596fc29..b725eb7348 100644 --- a/tests/data_files/server7-future.crt +++ b/tests/data_files/server7-future.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTI3MDYwNjA4MTQwM1oXDTM3MDYwNjA4MTQwM1owNDELMAkG +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTMzMDUxNzA3MTAzN1oXDTQzMDUxODA3MTAzN1owNDELMAkG A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr -d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv -bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC -MAAwDQYJKoZIhvcNAQELBQADggIBAHF4y9PmCUF1yOlBIUCUAAFMZmXJwOGsMNKI -u0+At0sbs+W8J06PVyYt4UxL4TyIxHM6SOvKndFdCQxG7NQY0KU+HBdLVUM1iZy0 -Kopg7yHvEAZ0YWPptgCd10C/wmTz0b0R3cxhSb8FZjlBjNB7dJKhRQsh0za+GMx/ -LXunH/t0oP5an4yO3zTog+4+7bDGGEY7SymQJ9Z8t2gdZpn/r60j9IGhL5XI2BS/ -+cU96DMF3cMmFk24vAfduYicKc8KowhUpGCsIP0bl+TY8Vq6kepBA2lnj7/YOkDs -/f+wIS/Id/hdw9KxRUPX+cQLUt0/C7JktDVudZ5zLt1y0A971R+23ARtJGUBJGSp -5tkVX8+hK8sT6AVOkcvA51IOBsVxmuoWk/WcjBDdOjyIK2JFdbcJYvR8cpRbL+j8 -HdQEu+LorvGp28m3Q5mBTKZLKgyUeQWrbYDqeub1OvYYkuvZPZWFEDP2VYcS7AXN -IoUSTcMyhLNuncQl/z0Jbkto59+il6cQ2HIqkubLBk2X8uwMw2tloROlmklweHqR -ta6aRlLxBMgccJpK7cU5H8TMb6aR9GJGyzQJ2vET3jPBq/uEwbvK8HRVJ7Ld68k6 -ZMCwXGdTeYuDWt0ngAhf+i+GNexJRSLvzRGt18DOrpmj2X3naarNSTfRArm4EINW -WKW7hd8h +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAFgzS8NNGRayelUleAee5udbk9+fkkxvYA/p +QEaD+UvuSmgJ7iEU0gx6cJ2RcEbg/NqgrMBni8ayiGptOZRTq4j8bPcrZZCrcsvO +jFk/yXwWIv1hRofQ8wBynPOgbtPJ5J7zYkE0sqXbAPOWeNdya+R0CuSex5DW9kj/ ++tiXGXdGiLKu/FOC9tedfsu67a+ZEK0Q3rbFqsWpHdQcKIEN4A18xPBXNtx/DJuq +0+fcjtIsigpRvLbLSFuvSI5vWP1MFyuMDTLYVKN1PceRg2yxpKecKbsDpeSRX3R9 +Fs444mDSJs75i8fkdXS4GLXfJjJOft3HbRtEEznF5sITppjr40PszMvOj2njWPPn +o3ECca7HbhuhtqIGfM5+2mCwPgmm7fEmYILVYgTihFfPKUhGUKN+4Qp75gOzMKds +7t8NRFTKPEpFmicc1wKfEsp22UWC6azyTu6iVByWlt+fojFbdHjvxDY8iIqBFU6/ +44uLMTxu9r9gMSZK9sX7vGIgeER3RnArP0ZSxAvoxG3lu+QQXwItxnTKQnA3CDra +MkmwSM5kMewO/Ub1bgkdQ3j/DD0uSwreEdg0fvxaAJIH2N/lOFUWPrzbg8TJR1Sb +ohctT+uAKoPQrxsZuSdrz9QHOdgkPR6gp9bdnXkZSa9jGX7Pd5Ur5LDEXljol1ZL +T97oaKB7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt index ed087ef613..c5c2cb8c58 100644 --- a/tests/data_files/server7.crt +++ b/tests/data_files/server7.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt index fc0051772e..a3a8f69dd1 100644 --- a/tests/data_files/server7_int-ca-exp.crt +++ b/tests/data_files/server7_int-ca-exp.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX -Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep -773Ap7Gxpk168id1EFhvW22YabKs +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR +07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf +z0BtLCVhFwQlrzCqgXC98SGfT6sZ -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt index d3ddc46a8b..cb108a46f2 100644 --- a/tests/data_files/server7_int-ca.crt +++ b/tests/data_files/server7_int-ca.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca_ca2.crt b/tests/data_files/server7_int-ca_ca2.crt index c289c0aadf..097447fd0a 100644 --- a/tests/data_files/server7_int-ca_ca2.crt +++ b/tests/data_files/server7_int-ca_ca2.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,24 +39,22 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt index 632c4fd13c..fdc1146231 100644 --- a/tests/data_files/server7_spurious_int-ca.crt +++ b/tests/data_files/server7_spurious_int-ca.crt @@ -1,49 +1,49 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBABN3b1ltNlBQ9PhwJhxBWENlMNdy1vyKBGH3EdZ7w4uHJJOm +w8JS5p/B5+9fDIIOThDr80hLq4QOQVJhxAT1/Zsb2OzsTxc1BaCNbBv2Y+FyFcpL +I8EjMF+gnSgbs46kGKce1EJNrZrkvpCngtNj7qqg9qnPXd1en0z349xHJPmYuWEb +9sHdVlwnebPm1n9u1NzpktAChb28UFnBYTWraZCtMBMozuMhz6mo66XOEyH06Ypa +QPOlBmbgW/e+fuXow41QUqP2tvVL6MsmSZFWk8hr45rNRzeTok1M5bW91sZ78We5 +95m3T6IE+qpj2/RILncwy7vWBlFzbuiIA3eSJa8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -57,9 +57,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- From 1fa43077fb8a4ef2fdfe6794ccabc2604b0bc068 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:44:30 +0800 Subject: [PATCH 454/483] Update server8*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server8.crt | 31 ++++++++-------- tests/data_files/server8_int-ca2.crt | 53 ++++++++++++++-------------- 2 files changed, 41 insertions(+), 43 deletions(-) diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt index b435b2deb5..515b17b3c1 100644 --- a/tests/data_files/server8.crt +++ b/tests/data_files/server8.crt @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59 -quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB -ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q -AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr -u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb -J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v -AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA -J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ -BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg -VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz -2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh -2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA== +MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw +CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4 +zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89 ++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j +LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw +2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW +KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw +7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA +J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E +AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS +dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS +MxG1isOdUiQTajM1TQ== -----END CERTIFICATE----- diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt index 7a8da717d4..e99727d369 100644 --- a/tests/data_files/server8_int-ca2.crt +++ b/tests/data_files/server8_int-ca2.crt @@ -1,36 +1,35 @@ -----BEGIN CERTIFICATE----- -MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59 -quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB -ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q -AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr -u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb -J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v -AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA -J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ -BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg -VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz -2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh -2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA== +MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw +CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4 +zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89 ++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j +LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw +2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW +KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw +7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA +J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E +AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS +dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS +MxG1isOdUiQTajM1TQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- From 89d71e241a7f70f0b3b768f607a1932d712811a7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 11:04:53 +0800 Subject: [PATCH 455/483] Update server10*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server10-badsign.crt | 16 +- tests/data_files/server10-bs_int3.pem | 32 ++-- tests/data_files/server10.crt | 16 +- tests/data_files/server10_int3-bs.pem | 32 ++-- tests/data_files/server10_int3_int-ca2.crt | 54 +++---- tests/data_files/server10_int3_int-ca2_ca.crt | 138 +++++------------- .../server10_int3_spurious_int-ca2.crt | 70 ++++----- 7 files changed, 149 insertions(+), 209 deletions(-) diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt index eca171f351..d4ac4b1708 100644 --- a/tests/data_files/server10-badsign.crt +++ b/tests/data_files/server10-badsign.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem index b84cee7c32..d824c43f35 100644 --- a/tests/data_files/server10-bs_int3.pem +++ b/tests/data_files/server10-bs_int3.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt index 96a4040cef..52b5ea0cec 100644 --- a/tests/data_files/server10.crt +++ b/tests/data_files/server10.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem index a9e06150bd..9a82b1730d 100644 --- a/tests/data_files/server10_int3-bs.pem +++ b/tests/data_files/server10_int3-bs.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWf0= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg10== -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt index 0df2c653bb..b5852927c2 100644 --- a/tests/data_files/server10_int3_int-ca2.crt +++ b/tests/data_files/server10_int3_int-ca2.crt @@ -1,40 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt index c25482b8b5..3601a20023 100644 --- a/tests/data_files/server10_int3_int-ca2_ca.crt +++ b/tests/data_files/server10_int3_int-ca2_ca.crt @@ -1,120 +1,60 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt index c9d6715f44..87cc476b18 100644 --- a/tests/data_files/server10_int3_spurious_int-ca2.crt +++ b/tests/data_files/server10_int3_spurious_int-ca2.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -38,27 +38,27 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- From f4b568cc98a2769ba64518202e00d751a8e09d49 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 12:26:11 +0800 Subject: [PATCH 456/483] Add rules to generate crl_cat* Signed-off-by: Jerry Yu Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 936ef13d06..7b5150ec3e 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -528,6 +528,19 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der +# Generate crl_cat_*.pem +# - crt_cat_*.pem: (1+2) concatenations in various orders: +# ec = crl-ec-sha256.pem, ecfut = crl-future.pem +# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem + +crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem + cat $^ > $@ + +crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem + cat $^ > $@ + +all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem + ################################################################ #### Generate various RSA keys ################################################################ From 1ced2cce9b6ddfc4022896163bd1c1010765f2fc Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 12:20:21 +0800 Subject: [PATCH 457/483] Update crl-ec-sha*.pem, crl.pem, crl_cat_*.pem This commit updates the files manually, the rules of generating these files will be upload in other PR. Signed-off-by: Pengyu Lv --- tests/data_files/crl-ec-sha1.pem | 14 ++++++------- tests/data_files/crl-ec-sha256.pem | 14 ++++++------- tests/data_files/crl.pem | 16 +++++++-------- tests/data_files/crl_cat_ec-rsa.pem | 32 ++++++++++++++--------------- tests/data_files/crl_cat_rsa-ec.pem | 32 ++++++++++++++--------------- 5 files changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem index 8358640a0d..f82d94674d 100644 --- a/tests/data_files/crl-ec-sha1.pem +++ b/tests/data_files/crl-ec-sha1.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ -b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz -MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +MIIBbjCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQ +b2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMjMwNTE3MDcx +NDM5WhcNMzMwNTE3MDcxNDM5WjAUMBICAQoXDTIzMDUxNzA3MTQzOVqgcjBwMG4G A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO -TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg -Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW -svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm -56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +TDERMA8GA1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gAMGUCMQCRAtXd7kXgijlMXHXr6m0B +IzDbpAAwDwCJtgOzarF5hZKGDZeDp6vptGZK0y40NsoCMACxRrXIV+6KUBipFarI +36yXDoBNol2xzst6p9fOg+prl6p7vO1sRYrIGg1WJGA5wQ== -----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem index adfd5f8937..b9fad50fc8 100644 --- a/tests/data_files/crl-ec-sha256.pem +++ b/tests/data_files/crl-ec-sha256.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem index df7417e8ee..5a1bdd35ab 100644 --- a/tests/data_files/crl.pem +++ b/tests/data_files/crl.pem @@ -1,11 +1,11 @@ -----BEGIN X509 CRL----- MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI -UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0 -NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx -MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg -I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt -4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b -WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP -Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs -oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w= +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem index 3cda8ff03e..cafa1d4112 100644 --- a/tests/data_files/crl_cat_ec-rsa.pem +++ b/tests/data_files/crl_cat_ec-rsa.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem index ded369d897..92ecccc6df 100644 --- a/tests/data_files/crl_cat_rsa-ec.pem +++ b/tests/data_files/crl_cat_rsa-ec.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- From 5e2f312195436e4ea7b7e85d9e1bddcfa5ac336c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 15:05:18 +0800 Subject: [PATCH 458/483] Update cert macros in tests/src/certs.c This commit manually updates: - TEST_CA_CRT_EC_PEM - TEST_CA_CRT_EC_DER - TEST_SRV_CRT_EC_PEM - TEST_SRV_CRT_EC_DER Signed-off-by: Pengyu Lv --- tests/src/certs.c | 238 +++++++++++++++++++++++----------------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/tests/src/certs.c b/tests/src/certs.c index 1f48570d7e..d2808d71c9 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -40,69 +40,69 @@ /* This is taken from tests/data_files/test-ca2.crt */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ + "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ + "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ + "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ + "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ + 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ + 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ + 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ + 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ + 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ + 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ + 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ + 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ + 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ } /* END FILE */ @@ -503,72 +503,72 @@ /* This is taken from tests/data_files/server5.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ + "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ + "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ + 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ + 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ + 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ + 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ + 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ + 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ + 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ + 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ + 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ + 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ + 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ } /* END FILE */ From 6561f7d8abb470fd67b94b0930f5d921caf7bd6c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 12:52:21 +0800 Subject: [PATCH 459/483] server5-der*.crt: Simplify the size calculation Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7b5150ec3e..17d719de6b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -448,22 +448,22 @@ server5-der0.crt: server5.crt.der cp $< $@ server5-der1a.crt: server5.crt.der cp $< $@ - echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der1b.crt: server5.crt.der cp $< $@ - echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der2.crt: server5.crt.der cp $< $@ - echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der4.crt: server5.crt.der cp $< $@ - echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der8.crt: server5.crt.der cp $< $@ - echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der9.crt: server5.crt.der cp $< $@ - echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ server5-der9.crt server5-der1a.crt server5-der2.crt \ server5-der8.crt From c7995a8185ee75d5c2bc9082eb845bef28a7b2f5 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 13:23:39 +0800 Subject: [PATCH 460/483] Fix long line format Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 17d719de6b..ec4d00bd9f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -174,7 +174,9 @@ test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 all_final += test-ca2.crt test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 - $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ + issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \ + not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ all_intermediate += test-ca2-future.crt test_ca_ec_cat := # files that concatenate different crt @@ -262,7 +264,9 @@ test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr - $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \ + -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ @@ -327,7 +331,9 @@ server7.csr: server7.key all_intermediate += server7.csr server7.crt: server7.csr $(test_ca_int_rsa1) - $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ + $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ + -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \ + -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ all_final += server7.crt server7-expired.crt: server7.csr $(test_ca_int_rsa1) @@ -375,7 +381,10 @@ server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future. # server8* server8.crt: server8.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \ + issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ all_final += server8.crt server8_int-ca2.crt: server8.crt $(test_ca_int_ec) @@ -491,7 +500,11 @@ all_final += test-int-ca3-badsign.crt # server10* server10.crt: server10.key test-int-ca3.crt test-int-ca3.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key subject_identifier=0 authority_identifier=0 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ + issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ + subject_identifier=0 authority_identifier=0 \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ all_final += server10.crt server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ @@ -1503,13 +1516,19 @@ all_final += server2-sha256.crt # server3* server3.crt: server3.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA1 version=3 output_file=$@ all_final += server3.crt # server4* server4.crt: server4.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ + issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ + not_before=20190210144400 not_after=20290210144400 \ + md=SHA256 version=3 output_file=$@ all_final += server4.crt # MD5 test certificate From 9770704cf2ad4677ef862c995045ff922b313e9e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 13:27:21 +0800 Subject: [PATCH 461/483] Remove redundant PHONY targets Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index ec4d00bd9f..06365aba83 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -376,8 +376,6 @@ server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ all_final += server7_spurious_int-ca.crt -server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt - # server8* server8.crt: server8.key @@ -391,8 +389,6 @@ server8_int-ca2.crt: server8.crt $(test_ca_int_ec) cat $^ > $@ all_final += server8_int-ca2.crt -server8_all: server8.crt server8_int-ca2.crt - cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1791,8 +1787,6 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all -.PHONY: server7_all -.PHONY: server8_all # These files should not be committed to the repository. list_intermediate: From b8b9cd4a797f10d4b8c07e9ead913f072769fc39 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 6 Jun 2023 10:38:35 +0800 Subject: [PATCH 462/483] Mark all_intermediate as .SECONDARY Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 06365aba83..453db6f186 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1806,4 +1806,4 @@ neat: clean rm -f $(all_final) .PHONY: clean neat -.INTERMEDIATE: $(all_intermediate) +.SECONDARY: $(all_intermediate) From abf35d4ca35d145894d4cd260b555232ed0f72dd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 6 Jun 2023 14:35:02 +0800 Subject: [PATCH 463/483] Restore rsa_single_san_uri.crt.der The file is moved by #7617 and used by #7575. That causes conflict. Signed-off-by: Jerry Yu --- tests/data_files/rsa_single_san_uri.crt.der | Bin 0 -> 898 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/data_files/rsa_single_san_uri.crt.der diff --git a/tests/data_files/rsa_single_san_uri.crt.der b/tests/data_files/rsa_single_san_uri.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..22308c6f45d82f7ed64c5a4224ae63a56aada704 GIT binary patch literal 898 zcmXqLVy-i2VoF=U%*4pVB$8kH`em-_o{pxZ#Sb!;n_Isr?Vn@7%f_kI=F#?@mywa1 zmBGN;klTQhjX9KsO_(Xv+fdMeAH?C};qXmLO;HH(2{x285C;h{^9aC%6hebM6@nf8 z4CKUljf@S93{4CTj4cdIqr`blfLsGhD3>zBn;4al9m~kdz}&>h&tTBR$i>ve$jGp~ z*>7`Mq+*hS*WDKY7tn-np}0 z=M+y{+4{p^^_p9ky}LF<%wH6e%OuhMd2z`;iv~5Ho9<`du?3lZo~``+p|RWUc3q%a~4n7KfT9s+n#gF zsu~S``Wg51^w_L9xBGPMU)!YK^mTvE>vxBTUS9ZNvc&_@59y}M(qBb}uQ+JBut>ye zmfqQiQ*UP+>9%_RPRNWeEJ>4Te&4zt=kP+KYq^h}?5f$f_hIyr|K5^sZz)ZTZf9G) zMwj)D^!pH%s@+PPe!a{5bRyy>&#B4fN~>8;pGZvjC1l1Ll`iYaUb<_uKZ|OF=5xjE zJiTl8t0#q670oGP`QfO(WQB#crbywkza@`9yG`5irkL><%Z>Z9Rz_FK{+D&)PW$h3 y(?|G|?z+{PoXQG!rIe%|?)N+CcBw)wQ2O_WlcD1G_^n>@iS3v+zac)Orvv~P1yK?J literal 0 HcmV?d00001 From 1ef26e285e06597c96486b540c5ac1422a982cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 27 Jan 2023 11:47:05 +0100 Subject: [PATCH 464/483] Add convenience inline function to md.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 7bad24dc9b..79e25ea1b4 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -310,6 +310,20 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst, */ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); +/** + * \brief This function gives the message-digest size associated to + * message-digest type. + * + * \param md_type The message-digest type. + * + * \return The size of the message-digest output in Bytes, + * or 0 if the message-digest type is not known. + */ +static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type) +{ + return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type)); +} + /** * \brief This function extracts the message-digest type from the * message-digest information structure. From 9b41eb8533474d264be33368ba625034111e2fd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:14:24 +0200 Subject: [PATCH 465/483] Replace hash_info_get_type with MD function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mostly a search and replace with just two manual changes: 1. Now PK and TLS need MD light, so auto-enable it. 2. Remove the old function in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 4 +++- library/ecjpake.c | 4 ++-- library/hash_info.c | 12 ------------ library/hash_info.h | 10 ---------- library/pk.c | 2 +- library/pkcs12.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/rsa.c | 14 +++++++------- library/ssl_tls12_client.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 12 files changed, 19 insertions(+), 39 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 0917bf72a0..59d18b0347 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -112,8 +112,10 @@ #if defined(MBEDTLS_ECJPAKE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_ENTROPY_C) || \ + defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_SSL_TLS_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/library/ecjpake.c b/library/ecjpake.c index 7d452bcd50..6f448b0301 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -244,7 +244,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, - mbedtls_hash_info_get_size(md_type))); + mbedtls_md_get_size_from_type(md_type))); MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N)); cleanup: @@ -780,7 +780,7 @@ int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; - *olen = mbedtls_hash_info_get_size(ctx->md_type); + *olen = mbedtls_md_get_size_from_type(ctx->md_type); if (len < *olen) { return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; } diff --git a/library/hash_info.c b/library/hash_info.c index 37e44c6bd2..783fb2642e 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -55,18 +55,6 @@ static const hash_entry hash_table[] = { { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; -/* Get size from MD type */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->size; -} - /* Get block size from MD type */ unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type) { diff --git a/library/hash_info.h b/library/hash_info.h index f984c82427..fb041fa914 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -50,16 +50,6 @@ #define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE #endif -/** Get the output length of the given hash type from its MD type. - * - * \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH(). - * - * \param md_type The hash MD type. - * - * \return The output length in bytes, or 0 if not known. - */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type); - /** Get the block size of the given hash type from its MD type. * * \note To get the output length from the PSA alg, use diff --git a/library/pk.c b/library/pk.c index d30205cf78..d731d5b2d4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -418,7 +418,7 @@ static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) return 0; } - *hash_len = mbedtls_hash_info_get_size(md_alg); + *hash_len = mbedtls_md_get_size_from_type(md_alg); if (*hash_len == 0) { return -1; diff --git a/library/pkcs12.c b/library/pkcs12.c index 515d9e1370..2f76618d7d 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -314,7 +314,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, use_password = (pwd && pwdlen != 0); use_salt = (salt && saltlen != 0); - hlen = mbedtls_hash_info_get_size(md_type); + hlen = mbedtls_md_get_size_from_type(md_type); if (hlen <= 32) { v = 64; diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 3ff589dc88..02cade2deb 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -332,7 +332,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, if (*md_alg == MBEDTLS_MD_NONE) { return PSA_ERROR_NOT_SUPPORTED; } - if (mbedtls_hash_info_get_size(*md_alg) != hash_length) { + if (mbedtls_md_get_size_from_type(*md_alg) != hash_length) { return PSA_ERROR_INVALID_ARGUMENT; } } diff --git a/library/rsa.c b/library/rsa.c index 87b3311899..f7e7943269 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1229,7 +1229,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1396,7 +1396,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1596,7 +1596,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1606,7 +1606,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1744,7 +1744,7 @@ static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg, /* Are we signing hashed or raw data? */ if (md_alg != MBEDTLS_MD_NONE) { - unsigned char md_size = mbedtls_hash_info_get_size(md_alg); + unsigned char md_size = mbedtls_md_get_size_from_type(md_alg); if (md_size == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1995,7 +1995,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -2005,7 +2005,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size(mgf1_hash_id); + hlen = mbedtls_md_get_size_from_type(mgf1_hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 691fa62dbd..b875fac53b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2408,7 +2408,7 @@ start_processing: mbedtls_pk_rsassa_pss_options rsassa_pss_options; rsassa_pss_options.mgf1_hash_id = md_alg; rsassa_pss_options.expected_salt_len = - mbedtls_hash_info_get_size(md_alg); + mbedtls_md_get_size_from_type(md_alg); if (rsassa_pss_options.expected_salt_len == 0) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index fbf9ea5c89..efa7efe728 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1200,7 +1200,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_hash_info_get_size(hash_id); + maclen = mbedtls_md_get_size_from_type(hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65b0c0303f..65aa593a87 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1448,7 +1448,7 @@ void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char hash[PSA_HASH_MAX_SIZE]; - size_t hash_len = mbedtls_hash_info_get_size(md_alg); + size_t hash_len = mbedtls_md_get_size_from_type(md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; memset(hash, 0x2a, sizeof(hash)); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d93c1716db..22525d2d63 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -59,7 +59,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) } if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, - csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md), + csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; goto cleanup; From 8857984b2f87f4caab853c4bcf04934f97f19c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:20:23 +0200 Subject: [PATCH 466/483] Replace hash_info macro with MD macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now the MD macro also accounts for PSA-only hashes. Just a search-and-replace, plus manually removing the definition in hash_info.h. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecjpake.c | 2 +- library/hash_info.h | 14 -------------- library/pkcs12.c | 2 +- library/rsa.c | 6 +++--- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 2 +- library/x509_crt.c | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- .../suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ecdsa.function | 4 ++-- tests/suites/test_suite_ssl.function | 4 ++-- 12 files changed, 16 insertions(+), 30 deletions(-) diff --git a/library/ecjpake.c b/library/ecjpake.c index 6f448b0301..c2ab4b86ad 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -217,7 +217,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, unsigned char *p = buf; const unsigned char *end = buf + sizeof(buf); const size_t id_len = strlen(id); - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; /* Write things to temporary buffer */ MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G)); diff --git a/library/hash_info.h b/library/hash_info.h index fb041fa914..84d3d7143f 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,20 +36,6 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** \def MBEDTLS_HASH_MAX_SIZE - * - * Maximum size of a hash based on configuration. - */ -#if defined(MBEDTLS_MD_C) && ( \ - !defined(MBEDTLS_PSA_CRYPTO_C) || \ - MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE) -#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \ - !defined(MBEDTLS_MD_C) || \ - PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE) -#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE -#endif - /** Get the block size of the given hash type from its MD type. * * \note To get the output length from the PSA alg, use diff --git a/library/pkcs12.c b/library/pkcs12.c index 2f76618d7d..2e6ed7e814 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -290,7 +290,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, unsigned char diversifier[128]; unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 }; - unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash_output[MBEDTLS_MD_MAX_SIZE]; unsigned char *p; unsigned char c; int use_password = 0; diff --git a/library/rsa.c b/library/rsa.c index f7e7943269..3eb7cc0dcc 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1076,7 +1076,7 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; - unsigned char mask[MBEDTLS_HASH_MAX_SIZE]; + unsigned char mask[MBEDTLS_MD_MAX_SIZE]; int ret = 0; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -1380,7 +1380,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - unsigned char lhash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; /* @@ -1966,7 +1966,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, size_t siglen; unsigned char *p; unsigned char *hash_start; - unsigned char result[MBEDTLS_HASH_MAX_SIZE]; + unsigned char result[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; size_t observed_salt_len, msb; unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 }; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b875fac53b..df4c00373d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2291,7 +2291,7 @@ start_processing: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t sig_len, hashlen; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3b8710e413..40e6fc9795 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3081,7 +3081,7 @@ curve_matching_done: size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9c44ba6a4b..9b49a1b665 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2024,7 +2024,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, const mbedtls_x509_crt_profile *profile) { int flags = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_algorithm; #else @@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, mbedtls_x509_crt_restart_ctx *rs_ctx) { size_t hash_len; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if !defined(MBEDTLS_USE_PSA_CRYPTO) const mbedtls_md_info_t *md_info; md_info = mbedtls_md_info_from_type(child->sig_md); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 274eb4b7ad..c89670aa45 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -569,7 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *c, *c2; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t hash_length = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t psa_algorithm; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index deb66174b2..06f5c933bc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -243,7 +243,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 985d482ebe..55886fa7ae 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -28,7 +28,7 @@ void ssl_cf_hmac(int hash) size_t min_in_len, in_len, max_in_len, i; /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ unsigned char add_data[13]; - unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE]; + unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; unsigned char *data = NULL; unsigned char *out = NULL; unsigned char rec_num = 0; diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 60bb6c2d2b..14fe2f058b 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -15,7 +15,7 @@ void ecdsa_prim_zero(int id) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&Q); @@ -47,7 +47,7 @@ void ecdsa_prim_random(int id) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&Q); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6f9e544138..fb71b835b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1974,7 +1974,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, data_t *transcript, data_t *binder_expected) { - unsigned char binder[MBEDTLS_HASH_MAX_SIZE]; + unsigned char binder[MBEDTLS_MD_MAX_SIZE]; /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; @@ -2108,7 +2108,7 @@ void ssl_tls13_key_evolution(int hash_alg, data_t *input, data_t *expected) { - unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE]; + unsigned char secret_new[MBEDTLS_MD_MAX_SIZE]; PSA_INIT(); From 1b180bec40472a59e33ff2dd844a948b6398e6af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:25:32 +0200 Subject: [PATCH 467/483] Remove unused function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/hash_info.c | 12 ------------ library/hash_info.h | 11 ----------- 2 files changed, 23 deletions(-) diff --git a/library/hash_info.c b/library/hash_info.c index 783fb2642e..8daa4d0bc6 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -55,18 +55,6 @@ static const hash_entry hash_table[] = { { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; -/* Get block size from MD type */ -unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->block_size; -} - /* Get PSA from MD */ psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type) { diff --git a/library/hash_info.h b/library/hash_info.h index 84d3d7143f..1dd206e70c 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,17 +36,6 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** Get the block size of the given hash type from its MD type. - * - * \note To get the output length from the PSA alg, use - * \c PSA_HASH_BLOCK_LENGTH(). - * - * \param md_type The hash MD type. - * - * \return The block size in bytes, or 0 if not known. - */ -unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type); - /** Get the PSA alg from the MD type. * * \param md_type The hash MD type. From 36fb12e7dde2a59432bd76e66d535f15ab2e5a44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:33:23 +0200 Subject: [PATCH 468/483] Add MD <-> PSA translation functions to MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++- library/md_psa.h | 60 ++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 1 deletion(-) create mode 100644 library/md_psa.h diff --git a/library/md.c b/library/md.c index 306af72b32..14a88ba1b3 100644 --- a/library/md.c +++ b/library/md.c @@ -52,8 +52,12 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#if defined(MBEDTLS_MD_SOME_PSA) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include +#include "md_psa.h" +#endif + +#if defined(MBEDTLS_MD_SOME_PSA) #include "psa_crypto_core.h" #endif @@ -678,6 +682,97 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) return md_info->type; } +#if defined(MBEDTLS_PSA_CRYPTO_C) +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + switch (md_type) { +#if defined(MBEDTLS_MD_CAN_MD5) + case MBEDTLS_MD_MD5: + return PSA_ALG_MD5; +#endif +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + case MBEDTLS_MD_RIPEMD160: + return PSA_ALG_RIPEMD160; +#endif +#if defined(MBEDTLS_MD_CAN_SHA1) + case MBEDTLS_MD_SHA1: + return PSA_ALG_SHA_1; +#endif +#if defined(MBEDTLS_MD_CAN_SHA224) + case MBEDTLS_MD_SHA224: + return PSA_ALG_SHA_224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) + case MBEDTLS_MD_SHA256: + return PSA_ALG_SHA_256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA384) + case MBEDTLS_MD_SHA384: + return PSA_ALG_SHA_384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA512) + case MBEDTLS_MD_SHA512: + return PSA_ALG_SHA_512; +#endif + default: + return PSA_ALG_NONE; + } +} + +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + switch (psa_alg) { +#if defined(MBEDTLS_MD_CAN_MD5) + case PSA_ALG_MD5: + return MBEDTLS_MD_MD5; +#endif +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + case PSA_ALG_RIPEMD160: + return MBEDTLS_MD_RIPEMD160; +#endif +#if defined(MBEDTLS_MD_CAN_SHA1) + case PSA_ALG_SHA_1: + return MBEDTLS_MD_SHA1; +#endif +#if defined(MBEDTLS_MD_CAN_SHA224) + case PSA_ALG_SHA_224: + return MBEDTLS_MD_SHA224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) + case PSA_ALG_SHA_256: + return MBEDTLS_MD_SHA256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA384) + case PSA_ALG_SHA_384: + return MBEDTLS_MD_SHA384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA512) + case PSA_ALG_SHA_512: + return MBEDTLS_MD_SHA512; +#endif + default: + return MBEDTLS_MD_NONE; + } +} + +int mbedtls_md_error_from_psa(psa_status_t status) +{ + switch (status) { + case PSA_SUCCESS: + return 0; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + case PSA_ERROR_INVALID_ARGUMENT: + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + case PSA_ERROR_INSUFFICIENT_MEMORY: + return MBEDTLS_ERR_MD_ALLOC_FAILED; + default: + return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + } +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + + /************************************************************************ * Functions above this separator are part of MBEDTLS_MD_LIGHT, * * functions below are only available when MBEDTLS_MD_C is set. * diff --git a/library/md_psa.h b/library/md_psa.h new file mode 100644 index 0000000000..6645c832e6 --- /dev/null +++ b/library/md_psa.h @@ -0,0 +1,60 @@ +/** + * Translation between MD and PSA identifiers (algorithms, errors). + * + * Note: this internal module will go away when everything becomes based on + * PSA Crypto; it is a helper for the transition period. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_MD_PSA_H +#define MBEDTLS_MD_PSA_H + +#include "common.h" + +#include "mbedtls/md.h" +#include "psa/crypto.h" + +/** + * \brief This function returns the PSA algorithm identifier + * associated with the given digest type. + * + * \param md_type The type of digest to search for. + * + * \return The PSA algorithm identifier associated with \p md_type. + * \return PSA_ALG_NONE if the algorithm is not supported. + */ +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); + +/** + * \brief This function returns the given digest type + * associated with the PSA algorithm identifier. + * + * \param psa_alg The PSA algorithm identifier to search for. + * + * \return The MD type associated with \p psa_alg. + * \return MBEDTLS_MD_NONE if the algorithm is not supported. + */ +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg); + +/** Convert PSA status to MD error code. + * + * \param status PSA status. + * + * \return The corresponding MD error code, + */ +int mbedtls_md_error_from_psa(psa_status_t status); + +#endif /* MBEDTLS_MD_PSA_H */ From 2d6d993662558b5c0874c1c2ce8564defcb60bdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:38:08 +0200 Subject: [PATCH 469/483] Use MD<->PSA functions from MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 4 +- include/mbedtls/psa_util.h | 2 +- library/hash_info.c | 42 ------------------- library/hash_info.h | 27 ------------ library/pk.c | 5 ++- library/pk_wrap.c | 12 +++--- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 3 +- library/psa_crypto_rsa.c | 5 ++- library/rsa.c | 3 +- library/ssl_ciphersuites.c | 4 +- library/ssl_cookie.c | 2 +- library/ssl_tls.c | 8 ++-- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 4 +- library/ssl_tls13_keys.c | 14 +++---- library/ssl_tls13_server.c | 2 +- library/x509_crt.c | 4 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 4 +- .../test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 6 +-- 24 files changed, 50 insertions(+), 113 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 59d18b0347..c2c9dc9de4 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -115,7 +115,9 @@ defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ defined(MBEDTLS_RSA_C) || \ - defined(MBEDTLS_SSL_TLS_C) + defined(MBEDTLS_SSL_TLS_C) || \ + defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_X509_CREATE_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 64c24358ef..5fdecc6021 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -123,7 +123,7 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ /* Note: this function should not be used from inside the library, use - * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead. + * mbedtls_md_psa_alg_from_type() from the internal hash_info.h instead. * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { diff --git a/library/hash_info.c b/library/hash_info.c index 8daa4d0bc6..3a26251691 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -54,45 +54,3 @@ static const hash_entry hash_table[] = { #endif { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; - -/* Get PSA from MD */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->psa_alg; -} - -/* Get MD from PSA */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->psa_alg != psa_alg) { - entry++; - } - - return entry->md_type; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_error_from_psa(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/hash_info.h b/library/hash_info.h index 1dd206e70c..26e60e4f8d 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,31 +36,4 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** Get the PSA alg from the MD type. - * - * \param md_type The hash MD type. - * - * \return The corresponding PSA algorithm identifier, - * or PSA_ALG_NONE if not known. - */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type); - -/** Get the MD type alg from the PSA algorithm identifier. - * - * \param psa_alg The PSA hash algorithm. - * - * \return The corresponding MD type, - * or MBEDTLS_MD_NONE if not known. - */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** Convert PSA status to MD error code. - * - * \param status PSA status. - * - * \return The corresponding MD error code, - */ -int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status); -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/pk.c b/library/pk.c index d731d5b2d4..74a1ffae35 100644 --- a/library/pk.c +++ b/library/pk.c @@ -42,6 +42,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif #include @@ -567,7 +568,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, psa_status_t status = PSA_ERROR_DATA_CORRUPT; psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); @@ -735,7 +736,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_RSA_C) - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9170231d6f..1bafd1fa03 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -205,7 +205,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { @@ -357,7 +357,7 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ((void) p_rng); psa_algorithm_t psa_md_alg; - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -930,10 +930,10 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_status_t status; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = - PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #else psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #endif #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_ecc_family_t curve = pk->ec_family; @@ -1631,12 +1631,12 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ #if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(type)) { - alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 85451bf649..7fb1063f0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3610,7 +3610,7 @@ psa_status_t mbedtls_psa_sign_hash_start( operation->ctx->grp.nbits); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg); operation->alg = alg; /* We only need to store the same length of hash as the private key size diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f70d804b0f..bf2cae82b2 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -27,6 +27,7 @@ #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" #include "hash_info.h" +#include "md_psa.h" #include #include @@ -366,7 +367,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, &ecp->d, hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 02cade2deb..bb8371a885 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -28,6 +28,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" +#include "md_psa.h" #include #include @@ -318,7 +319,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, mbedtls_md_type_t *md_alg) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - *md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + *md_alg = mbedtls_md_type_from_psa_alg(hash_alg); /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an @@ -527,7 +528,7 @@ static int psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg, mbedtls_rsa_context *rsa) { psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); } diff --git a/library/rsa.c b/library/rsa.c index 3eb7cc0dcc..aa8cdf6a82 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -47,6 +47,7 @@ #include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include "hash_info.h" +#include "md_psa.h" #include @@ -478,7 +479,7 @@ int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, if ((padding == MBEDTLS_RSA_PKCS_V21) && (hash_id != MBEDTLS_MD_NONE)) { /* Just make sure this hash is supported in this build. */ - if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) { + if (mbedtls_md_psa_alg_from_type(hash_id) == PSA_ALG_NONE) { return MBEDTLS_ERR_RSA_INVALID_PADDING; } } diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 9cef3fe79a..3d4466a978 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1966,10 +1966,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_hash_info_psa_from_md(info->mac)); + mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac)); + return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 6d54300bc9..b51e91a122 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -114,7 +114,7 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, (void) f_rng; (void) p_rng; - alg = mbedtls_hash_info_psa_from_md(COOKIE_MD); + alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); if (alg == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c928ccda81..2a6242099f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8292,9 +8292,9 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); if (mac_alg == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found", + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", (unsigned) ciphersuite_info->mac)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -8741,7 +8741,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg); MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); @@ -8870,7 +8870,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( #if defined(MBEDTLS_USE_PSA_CRYPTO) if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { psa_algorithm_t psa_hash_alg = - mbedtls_hash_info_psa_from_md(hash_alg_received); + mbedtls_md_psa_alg_from_type(hash_alg_received); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e347853818..937463d772 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -850,7 +850,7 @@ static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl, /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(hash_alg), + ssl, mbedtls_md_type_from_psa_alg(hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a00785b09b..de2ce32625 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -274,7 +274,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, goto error; } - hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + hash_alg = mbedtls_md_psa_alg_from_type(md_alg); if (hash_alg == 0) { goto error; } @@ -1076,7 +1076,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, } /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg); status = psa_hash_compute(psa_algorithm, verify_buffer, verify_buffer_len, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 46caa45d3e..74dbe48fbb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -677,7 +677,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); /* @@ -792,7 +792,7 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( ssl->handshake->ciphersuite_info->mac); size_t const hash_len = PSA_HASH_LENGTH(hash_alg); @@ -1163,7 +1163,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1291,7 +1291,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); @@ -1365,7 +1365,7 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1472,7 +1472,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); unsigned char *shared_secret = NULL; size_t shared_secret_len = 0; @@ -1608,7 +1608,7 @@ static int ssl_tls13_generate_application_keys( md_type = handshake->ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); /* Compute current handshake transcript. It's the caller's responsibility diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc3c2f070d..8403151218 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -332,7 +332,7 @@ static int ssl_tls13_offered_psks_check_binder_match( /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg), + ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9b49a1b665..69c3c03481 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2064,7 +2064,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md); + psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); if (psa_hash_compute(psa_algorithm, crl_list->tbs.p, crl_list->tbs.len, @@ -2144,7 +2144,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return -1; } #else - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_hash_compute(hash_alg, diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c89670aa45..a8ea945997 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -728,7 +728,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* Compute hash of CRT. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); status = psa_hash_compute(psa_algorithm, c, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 06f5c933bc..f4fad884af 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, mbedtls_pk_type_t pk_alg; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index efa7efe728..d1e3d9ce83 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1209,7 +1209,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md1, 0x6, maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_hash_info_psa_from_md(hash_id); + alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1501,7 +1501,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; psa_status_t status = psa_hash_compute( diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 55886fa7ae..35ed0430e5 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -36,7 +36,7 @@ void ssl_cf_hmac(int hash) USE_PSA_INIT(); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(hash)); + alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); out_len = PSA_HASH_LENGTH(alg); block_size = PSA_HASH_BLOCK_LENGTH(alg); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65aa593a87..0adf1fc69e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1491,7 +1491,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_al unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); void const *options = NULL; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 22525d2d63..be6a066fef 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -47,7 +47,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md); + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md); size_t hash_size = 0; psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len, hash, PSA_HASH_MAX_SIZE, &hash_size); @@ -270,7 +270,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); mbedtls_pk_init(&key); @@ -428,7 +428,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (pk_wrap == 2) { psa_algorithm_t alg_psa, md_alg_psa; - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) { From 6076f4124a1df99a782229f814578b5e2fa3533f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:43:36 +0200 Subject: [PATCH 470/483] Remove hash_info.[ch] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 2 +- library/CMakeLists.txt | 1 - library/Makefile | 1 - library/ecjpake.c | 2 - library/hash_info.c | 56 ------------------- library/hash_info.h | 39 ------------- library/pem.c | 1 - library/pk.c | 2 - library/pk_wrap.c | 1 - library/pkcs12.c | 1 - library/pkcs5.c | 1 - library/psa_crypto.c | 1 - library/psa_crypto_ecp.c | 1 - library/psa_crypto_rsa.c | 1 - library/rsa.c | 1 - library/ssl_misc.h | 1 - library/ssl_tls12_client.c | 2 - library/ssl_tls12_server.c | 1 - library/x509_crt.c | 1 - library/x509write_crt.c | 2 - library/x509write_csr.c | 1 - tests/include/test/ssl_helpers.h | 1 - .../test_suite_constant_time_hmac.function | 1 - tests/suites/test_suite_ecdsa.function | 1 - tests/suites/test_suite_pk.function | 2 - tests/suites/test_suite_ssl.function | 2 - tests/suites/test_suite_x509write.function | 2 - 27 files changed, 1 insertion(+), 127 deletions(-) delete mode 100644 library/hash_info.c delete mode 100644 library/hash_info.h diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5fdecc6021..cdc20e8af7 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -123,7 +123,7 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ /* Note: this function should not be used from inside the library, use - * mbedtls_md_psa_alg_from_type() from the internal hash_info.h instead. + * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a08f3ff0b1..915c8200fa 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -42,7 +42,6 @@ set(src_crypto entropy_poll.c error.c gcm.c - hash_info.c hkdf.c hmac_drbg.c lmots.c diff --git a/library/Makefile b/library/Makefile index 51e7a15a6a..01da1c9cff 100644 --- a/library/Makefile +++ b/library/Makefile @@ -107,7 +107,6 @@ OBJS_CRYPTO= \ entropy_poll.o \ error.o \ gcm.o \ - hash_info.o \ hkdf.o \ hmac_drbg.o \ lmots.o \ diff --git a/library/ecjpake.c b/library/ecjpake.c index c2ab4b86ad..19ad2c6e0f 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -30,8 +30,6 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "hash_info.h" - #include #if !defined(MBEDTLS_ECJPAKE_ALT) diff --git a/library/hash_info.c b/library/hash_info.c deleted file mode 100644 index 3a26251691..0000000000 --- a/library/hash_info.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Hash information that's independent from the crypto implementation. - * - * (See the corresponding header file for usage notes.) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "hash_info.h" -#include "mbedtls/error.h" - -typedef struct { - psa_algorithm_t psa_alg; - mbedtls_md_type_t md_type; - unsigned char size; - unsigned char block_size; -} hash_entry; - -static const hash_entry hash_table[] = { -#if defined(MBEDTLS_MD_CAN_MD5) - { PSA_ALG_MD5, MBEDTLS_MD_MD5, 16, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) - { PSA_ALG_RIPEMD160, MBEDTLS_MD_RIPEMD160, 20, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA1) - { PSA_ALG_SHA_1, MBEDTLS_MD_SHA1, 20, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA224) - { PSA_ALG_SHA_224, MBEDTLS_MD_SHA224, 28, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA256) - { PSA_ALG_SHA_256, MBEDTLS_MD_SHA256, 32, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA384) - { PSA_ALG_SHA_384, MBEDTLS_MD_SHA384, 48, 128 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA512) - { PSA_ALG_SHA_512, MBEDTLS_MD_SHA512, 64, 128 }, -#endif - { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, -}; diff --git a/library/hash_info.h b/library/hash_info.h deleted file mode 100644 index 26e60e4f8d..0000000000 --- a/library/hash_info.h +++ /dev/null @@ -1,39 +0,0 @@ -/** - * Hash information that's independent from the crypto implementation. - * - * This can be used by: - * - code based on PSA - * - code based on the legacy API - * - code based on either of them depending on MBEDTLS_USE_PSA_CRYPTO - * - code based on either of them depending on what's available - * - * Note: this internal module will go away when everything becomes based on - * PSA Crypto; it is a helper for the transition while hash algorithms are - * still represented using mbedtls_md_type_t in most places even when PSA is - * used for the actual crypto computations. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_HASH_INFO_H -#define MBEDTLS_HASH_INFO_H - -#include "common.h" - -#include "mbedtls/md.h" -#include "psa/crypto.h" -#include "mbedtls/platform_util.h" - -#endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/pem.c b/library/pem.c index aed4788bfe..056c98c771 100644 --- a/library/pem.c +++ b/library/pem.c @@ -29,7 +29,6 @@ #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "hash_info.h" #include diff --git a/library/pk.c b/library/pk.c index 74a1ffae35..91796dec9d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -25,8 +25,6 @@ #include "pkwrite.h" #include "pk_internal.h" -#include "hash_info.h" - #include "mbedtls/platform_util.h" #include "mbedtls/error.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 1bafd1fa03..087a7a386a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -47,7 +47,6 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#include "hash_info.h" #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #include "mbedtls/asn1write.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 2e6ed7e814..ce2dcf27ea 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -39,7 +39,6 @@ #include "mbedtls/des.h" #endif -#include "hash_info.h" #include "mbedtls/psa_util.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index 0f4baf1bdb..94da9813e9 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -44,7 +44,6 @@ #include "mbedtls/platform.h" -#include "hash_info.h" #include "mbedtls/psa_util.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7fb1063f0b..9a4cfdbdd7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,7 +82,6 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "hash_info.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index bf2cae82b2..488020882f 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -26,7 +26,6 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" -#include "hash_info.h" #include "md_psa.h" #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index bb8371a885..ab93146deb 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -38,7 +38,6 @@ #include #include #include "pk_wrap.h" -#include "hash_info.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ diff --git a/library/rsa.c b/library/rsa.c index aa8cdf6a82..950d8e91c0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -46,7 +46,6 @@ #include "mbedtls/error.h" #include "constant_time_internal.h" #include "mbedtls/constant_time.h" -#include "hash_info.h" #include "md_psa.h" #include diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 17149c59e6..2d6d7bace5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -30,7 +30,6 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "hash_info.h" #endif #if defined(MBEDTLS_MD_CAN_MD5) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df4c00373d..fc96dae1e2 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -50,8 +50,6 @@ #include "mbedtls/platform_util.h" #endif -#include "hash_info.h" - #if defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 40e6fc9795..30c35f3a45 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -30,7 +30,6 @@ #include "mbedtls/platform_util.h" #include "constant_time_internal.h" #include "mbedtls/constant_time.h" -#include "hash_info.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index 69c3c03481..65b464a724 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -48,7 +48,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" #include "x509_invasive.h" #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a8ea945997..6c781933eb 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -47,8 +47,6 @@ #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" - #define CHECK_OVERFLOW_ADD(a, b) \ do \ { \ diff --git a/library/x509write_csr.c b/library/x509write_csr.c index f4fad884af..1862388777 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -37,7 +37,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" #include #include diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 572b6cb71e..2841691c9c 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -36,7 +36,6 @@ #include #include #include -#include "hash_info.h" #include "test/certs.h" diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 35ed0430e5..42b1e7c62f 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,7 +3,6 @@ #include #include #include -#include #include /* END_HEADER */ diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 14fe2f058b..f16a6d4134 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -1,6 +1,5 @@ /* BEGIN_HEADER */ #include "mbedtls/ecdsa.h" -#include "hash_info.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0adf1fc69e..eca46c86ab 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -9,8 +9,6 @@ #include "mbedtls/rsa.h" #include "pk_internal.h" -#include "hash_info.h" - #include #include diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fb71b835b0..a8c714f391 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -7,8 +7,6 @@ #include #include -#include "hash_info.h" - #include #include diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index be6a066fef..c3b67684db 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -8,8 +8,6 @@ #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" -#include "hash_info.h" - #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, From 1f2a587cdf821eb18301014b8a80bcf044336862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:46:17 +0200 Subject: [PATCH 471/483] Use actual function instead of static inline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Large static inline functions used from several translation units in the library are bad for code size as we end up with multiple copies. Use the actual function instead. There's already a comment that says so. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 937463d772..48780d8439 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -672,7 +672,7 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); if (ciphersuite_info != NULL) { - return mbedtls_psa_translate_md(ciphersuite_info->mac); + return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); } return PSA_ALG_NONE; @@ -1126,7 +1126,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, return ret; } - if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac) + if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac) != hash_alg) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Invalid ciphersuite for external psk.")); @@ -2844,7 +2844,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 74dbe48fbb..533865d86d 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1766,7 +1766,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) } ret = mbedtls_ssl_tls13_derive_resumption_master_secret( - mbedtls_psa_translate_md(md_type), + mbedtls_md_psa_alg_from_type(md_type), handshake->tls13_master_secrets.app, transcript, transcript_len, &ssl->session_negotiate->app_secrets); @@ -1781,7 +1781,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret", ssl->session_negotiate->app_secrets.resumption_master_secret, - PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type))); + PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type))); MBEDTLS_SSL_DEBUG_MSG( 2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret")); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8403151218..60ffd269d7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -406,7 +406,7 @@ static int ssl_tls13_select_ciphersuite_for_psk( /* MAC of selected ciphersuite MUST be same with PSK binder if exist. * Otherwise, client should reject. */ - if (psk_hash_alg == mbedtls_psa_translate_md(ciphersuite_info->mac)) { + if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) { *selected_ciphersuite = cipher_suite; *selected_ciphersuite_info = ciphersuite_info; return 0; @@ -612,7 +612,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, psk_type, - mbedtls_psa_translate_md(ciphersuite_info->mac)); + mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)); if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { /* For security reasons, the handshake should be aborted when we * fail to validate a binder value. See RFC 8446 section 4.2.11.2 @@ -2783,7 +2783,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, ciphersuite_info = (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { From 1c32e37b0c93b0ad1403f26db5b78f9ff4e8f639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:57:09 +0200 Subject: [PATCH 472/483] Formally deprecate mbedtls_psa_translate_md() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous informal comment was not enough to prevent it from being used in several places in the library. This should have more effect, considering with have builds with DEPRECATED_REMOVED. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index cdc20e8af7..f1a49ec2ab 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -29,6 +29,8 @@ #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" @@ -125,7 +127,8 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Note: this function should not be used from inside the library, use * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. * It is kept only for compatibility in case applications were using it. */ -static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +static inline MBEDTLS_DEPRECATED psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { switch (md_alg) { #if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) @@ -162,6 +165,7 @@ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) return 0; } } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ /* Translations for ECC. */ From ddbf61a9387686f16d58191c01f6935b529bef44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:14:01 +0200 Subject: [PATCH 473/483] Use general framework for PSA status conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/library/md.c b/library/md.c index 14a88ba1b3..14b400bdc6 100644 --- a/library/md.c +++ b/library/md.c @@ -55,6 +55,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include #include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #if defined(MBEDTLS_MD_SOME_PSA) @@ -217,16 +218,8 @@ static int md_can_use_psa(const mbedtls_md_info_t *info) static int mbedtls_md_error_from_psa(psa_status_t status) { - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } + return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, + psa_generic_status_to_mbedtls); } #endif /* MBEDTLS_MD_SOME_PSA */ From 02b10d826696eb3168c309a8a66a882513b9eecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:33:20 +0200 Subject: [PATCH 474/483] Add missing include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard --- library/pk_wrap.c | 1 + library/psa_crypto.c | 1 + library/ssl_ciphersuites.c | 3 +++ library/ssl_cookie.c | 1 + library/ssl_tls.c | 1 + library/ssl_tls13_client.c | 1 + library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 1 + library/ssl_tls13_server.c | 1 + library/x509_crt.c | 1 + library/x509write_crt.c | 1 + library/x509write_csr.c | 1 + tests/src/test_helpers/ssl_helpers.c | 1 + tests/suites/test_suite_constant_time_hmac.function | 1 + tests/suites/test_suite_pk.function | 1 + tests/suites/test_suite_x509write.function | 1 + 16 files changed, 18 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 087a7a386a..a4c2a3bfe0 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -25,6 +25,7 @@ #include "pk_wrap.h" #include "pk_internal.h" #include "mbedtls/error.h" +#include "md_psa.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9a4cfdbdd7..399e7f3879 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,6 +82,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "md_psa.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 3d4466a978..793ec6a1c8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -28,6 +28,9 @@ #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" #include "ssl_misc.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" +#endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index b51e91a122..ae7a4204ca 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -36,6 +36,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a6242099f..a5562e6a13 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -41,6 +41,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" #include "mbedtls/psa_util.h" #include "psa/crypto.h" #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 48780d8439..3dffc1df4a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -33,6 +33,7 @@ #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index de2ce32625..a59f01c3e0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -29,7 +29,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" -#include "mbedtls/psa_util.h" +#include "md_psa.h" #include "ssl_misc.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 533865d86d..540f854a84 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -34,6 +34,7 @@ #include "ssl_tls13_invasive.h" #include "psa/crypto.h" +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 60ffd269d7..cf61191877 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -25,6 +25,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" +#include "md_psa.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 65b464a724..9b3414a49e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -47,6 +47,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "x509_invasive.h" #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6c781933eb..59fd589003 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -45,6 +45,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #define CHECK_OVERFLOW_ADD(a, b) \ diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 1862388777..d792d34509 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -36,6 +36,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d1e3d9ce83..e8bbc78d1e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -21,6 +21,7 @@ */ #include +#include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 42b1e7c62f..9ee372b5f9 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,6 +3,7 @@ #include #include #include +#include "md_psa.h" #include /* END_HEADER */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index eca46c86ab..78711404ac 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -16,6 +16,7 @@ * but the test code generator requires test case data to be valid C code * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" +#include "md_psa.h" /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "mbedtls/psa_util.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c3b67684db..ab4a2d0d35 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,6 +7,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" +#include "md_psa.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, From a14b8f0a174b7747154ae9ca922cfd94d118d693 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:49:39 +0200 Subject: [PATCH 475/483] Add total when printing sizes in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 36d5fa4167..7b0893b8fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3836,7 +3836,7 @@ component_build_arm_none_eabi_gcc () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_linux_gnueabi_gcc_arm5vte () { @@ -3850,7 +3850,7 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () { make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o } support_build_arm_linux_gnueabi_gcc_arm5vte () { type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 @@ -3865,7 +3865,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_none_eabi_gcc_m0plus () { @@ -3874,7 +3874,7 @@ component_build_arm_none_eabi_gcc_m0plus () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { From 3761e9e8fdce6fbe17d1bb89f4ab867cf1851512 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:54:56 +0200 Subject: [PATCH 476/483] Use function instead of macro for error conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS Before: 323003 After: 322883 Saved: 120 bytes Not huge, but still nice to have. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a5562e6a13..f0067f4b2d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -844,11 +844,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else mbedtls_md_free(&ssl->handshake->fin_sha256); @@ -869,11 +869,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else mbedtls_md_free(&ssl->handshake->fin_sha384); @@ -911,7 +911,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); @@ -924,7 +924,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); @@ -941,8 +941,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return PSA_TO_MD_ERR(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha256_psa, buf, len)); #else return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); #endif @@ -954,8 +954,8 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return PSA_TO_MD_ERR(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha384_psa, buf, len)); #else return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); #endif @@ -6627,7 +6627,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha256_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_context_t sha256; @@ -6689,7 +6689,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha384_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_context_t sha384; @@ -7742,7 +7742,7 @@ static int ssl_calc_finished_tls_sha256( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha256_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else mbedtls_md_free(&sha256); return ret; @@ -7831,7 +7831,7 @@ static int ssl_calc_finished_tls_sha384( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha384_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else mbedtls_md_free(&sha384); return ret; From b3b54abf8afe7540a15a42c7136f8c04e1ac4fcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Mar 2023 12:36:34 +0200 Subject: [PATCH 477/483] Fix duplicated definition of a function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/library/md.c b/library/md.c index 14b400bdc6..b77ce9f776 100644 --- a/library/md.c +++ b/library/md.c @@ -215,12 +215,6 @@ static int md_can_use_psa(const mbedtls_md_info_t *info) return psa_can_do_hash(alg); } - -static int mbedtls_md_error_from_psa(psa_status_t status) -{ - return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, - psa_generic_status_to_mbedtls); -} #endif /* MBEDTLS_MD_SOME_PSA */ void mbedtls_md_init(mbedtls_md_context_t *ctx) @@ -750,18 +744,8 @@ mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) int mbedtls_md_error_from_psa(psa_status_t status) { - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } + return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, + psa_generic_status_to_mbedtls); } #endif /* MBEDTLS_PSA_CRYPTO_C */ From 725d2e24aa4d1244137d57a0c82cd4c6c41e62e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Mar 2023 12:38:37 +0200 Subject: [PATCH 478/483] Fix guard for PSA->MD error conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 2 +- library/psa_util.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f1a49ec2ab..1971646234 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -373,7 +373,7 @@ typedef struct { int16_t mbedtls_error; } mbedtls_error_pair_t; -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_MD_LIGHT) extern const mbedtls_error_pair_t psa_to_md_errors[4]; #endif diff --git a/library/psa_util.c b/library/psa_util.c index 43a10a32c1..c354f34dbf 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -33,7 +33,7 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_MD_LIGHT) const mbedtls_error_pair_t psa_to_md_errors[] = { { PSA_SUCCESS, 0 }, From 28f504e89293adb9d3760b925af5bdc321221d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 30 Mar 2023 09:42:10 +0200 Subject: [PATCH 479/483] Use PSA-neutral function for availability check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We just want to check if this hash is available, and the check is present in builds both with PSA and without it. The function we were using is only present in builds with PSA, so it wasn't appropriate. Signed-off-by: Manuel Pégourié-Gonnard --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 950d8e91c0..8126ae9cf0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -478,7 +478,7 @@ int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, if ((padding == MBEDTLS_RSA_PKCS_V21) && (hash_id != MBEDTLS_MD_NONE)) { /* Just make sure this hash is supported in this build. */ - if (mbedtls_md_psa_alg_from_type(hash_id) == PSA_ALG_NONE) { + if (mbedtls_md_info_from_type(hash_id) == NULL) { return MBEDTLS_ERR_RSA_INVALID_PADDING; } } From 45b34517fb01762b1ee3542e7dc8921f9aad86a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 30 Mar 2023 12:19:35 +0200 Subject: [PATCH 480/483] Keep MD and PSA max size in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to USE_PSA, and having different values causes trouble. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 1 + include/psa/crypto_sizes.h | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 79e25ea1b4..657b5cc01c 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -151,6 +151,7 @@ typedef enum { MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; +/* Note: this should be kept in sync with PSA_HASH_MAX_SIZE */ #if defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 75d6582de1..94a8948fe4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -128,12 +128,22 @@ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ -#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384) +/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE. */ +#if defined(PSA_WANT_ALG_SHA_512) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 -#else +#elif defined(PSA_WANT_ALG_SHA_384) +#define PSA_HASH_MAX_SIZE 48 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 +#elif defined(PSA_WANT_ALG_SHA_256) #define PSA_HASH_MAX_SIZE 32 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#elif defined(PSA_WANT_ALG_SHA_224) +#define PSA_HASH_MAX_SIZE 28 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#else /* SHA-1 or smaller */ +#define PSA_HASH_MAX_SIZE 20 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 #endif /** \def PSA_MAC_MAX_SIZE From f76c2208f6f3a3abd6044d9e47180a3e244717d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 May 2023 12:19:54 +0200 Subject: [PATCH 481/483] Remove mbedtls_psa_translate_md(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The header clearly states all functions here are internal, so we're free to remove them at any time. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 45 -------------------------------------- 1 file changed, 45 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1971646234..528c0ab36e 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -122,51 +122,6 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( } } -/* Translations for hashing. */ - -/* Note: this function should not be used from inside the library, use - * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. - * It is kept only for compatibility in case applications were using it. */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -static inline MBEDTLS_DEPRECATED psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) -{ - switch (md_alg) { -#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return PSA_ALG_MD5; -#endif -#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return PSA_ALG_SHA_1; -#endif -#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return PSA_ALG_SHA_224; -#endif -#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return PSA_ALG_SHA_256; -#endif -#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return PSA_ALG_SHA_384; -#endif -#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return PSA_ALG_SHA_512; -#endif -#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160) - case MBEDTLS_MD_RIPEMD160: - return PSA_ALG_RIPEMD160; -#endif - case MBEDTLS_MD_NONE: - return 0; - default: - return 0; - } -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* Translations for ECC. */ static inline int mbedtls_psa_get_ecc_oid_from_id( From c9d98295339752a1e547d1eeb6933dcccbccc224 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 May 2023 12:28:38 +0200 Subject: [PATCH 482/483] Add comment on macros that should be kept in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 11 ++++++++++- include/psa/crypto_sizes.h | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 657b5cc01c..44b76f403f 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -151,7 +151,16 @@ typedef enum { MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; -/* Note: this should be kept in sync with PSA_HASH_MAX_SIZE */ +/* Note: this should always be >= PSA_HASH_MAX_SIZE + * in all builds with both CRYPTO_C and MD_LIGHT. + * + * This is to make things easier for modules such as TLS that may define a + * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA + * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another + * part of the code based on PSA. + * + * Currently both macros have the same value, avoiding such issues. + */ #if defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 94a8948fe4..8cc965b09f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -128,7 +128,8 @@ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ -/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE. */ +/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE, + * see the note on MBEDTLS_MD_MAX_SIZE for details. */ #if defined(PSA_WANT_ALG_SHA_512) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 From cf61a742096e517b114051b054d05296a9d9604a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 May 2023 09:11:41 +0200 Subject: [PATCH 483/483] Add static check for macros that should be in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/md.c b/library/md.c index b77ce9f776..0be1d7e4fc 100644 --- a/library/md.c +++ b/library/md.c @@ -70,6 +70,11 @@ #include #endif +/* See comment above MBEDTLS_MD_MAX_SIZE in md.h */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE +#error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" +#endif + #if defined(MBEDTLS_MD_CAN_MD5) const mbedtls_md_info_t mbedtls_md5_info = { "MD5",