From b6e7331739d79650dacfbabfa4536257578978ea Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 11 Jun 2024 18:44:48 +0100 Subject: [PATCH 001/124] Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f5ef92032b..ca3ea53857 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1265,6 +1265,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, mbedtls_ssl_handshake_params *handshake = ssl->handshake; int hrr_required = 0; int no_usable_share_for_key_agreement = 0; + unsigned char legacy_compression_methods_len; + unsigned char legacy_compression_methods; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) int got_psk = 0; @@ -1362,6 +1364,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, p += cipher_suites_len; cipher_suites_end = p; + legacy_compression_methods_len = *p; + legacy_compression_methods = *(p+1); + + if (legacy_compression_methods_len != 1 || legacy_compression_methods != 0) { + return SSL_CLIENT_HELLO_TLS1_2; + } + /* * Search for the supported versions extension and parse it to determine * if the client supports TLS 1.3. From a5842ac20eab3260cbdc99df182e87b172b63fa9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 19 Jun 2024 15:09:48 +0100 Subject: [PATCH 002/124] Improve handling of legacy_compression_methods in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ca3ea53857..ae690e538e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1265,8 +1265,6 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, mbedtls_ssl_handshake_params *handshake = ssl->handshake; int hrr_required = 0; int no_usable_share_for_key_agreement = 0; - unsigned char legacy_compression_methods_len; - unsigned char legacy_compression_methods; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) int got_psk = 0; @@ -1364,19 +1362,17 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, p += cipher_suites_len; cipher_suites_end = p; - legacy_compression_methods_len = *p; - legacy_compression_methods = *(p+1); - - if (legacy_compression_methods_len != 1 || legacy_compression_methods != 0) { - return SSL_CLIENT_HELLO_TLS1_2; - } + /* Check if we have enough data to for legacy_compression_methods + * and a length byte. + */ + MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1 + p[0]); /* * Search for the supported versions extension and parse it to determine * if the client supports TLS 1.3. */ ret = mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts( - ssl, p + 2, end, + ssl, p + 1 + p[0], end, &supported_versions_data, &supported_versions_data_end); if (ret < 0) { MBEDTLS_SSL_DEBUG_RET(1, From 0a9e8a3a1848a9d90661460dac25024ee02de074 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 25 Jun 2024 10:22:49 +0100 Subject: [PATCH 003/124] Correct a small typo in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ae690e538e..27235a7f18 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1362,7 +1362,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, p += cipher_suites_len; cipher_suites_end = p; - /* Check if we have enough data to for legacy_compression_methods + /* Check if we have enough data for legacy_compression_methods * and a length byte. */ MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1 + p[0]); From e2a6aa5369cec0d40158f02dc870895345d2a46c Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 25 Jun 2024 18:16:16 +0100 Subject: [PATCH 004/124] Improve comments explaining legacy_methods_compression handling Signed-off-by: Waleed Elmelegy --- library/ssl_tls13_server.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 27235a7f18..9c949bd0b1 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1355,17 +1355,16 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * compression methods and the length of the extensions. * * cipher_suites cipher_suites_len bytes - * legacy_compression_methods 2 bytes - * extensions_len 2 bytes + * legacy_compression_methods length 1 byte */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 2 + 2); + MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, cipher_suites_len + 1); p += cipher_suites_len; cipher_suites_end = p; /* Check if we have enough data for legacy_compression_methods - * and a length byte. + * and the length of the extensions (2 bytes). */ - MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 1 + p[0]); + MBEDTLS_SSL_CHK_BUF_READ_PTR(p + 1, end, p[0] + 2); /* * Search for the supported versions extension and parse it to determine From 0b190f1763aefff81cdfe36f252e60ed174d0b0f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 4 Jul 2024 16:38:04 +0000 Subject: [PATCH 005/124] Add regression testing to handling Legacy_compression_methods Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 646daad199..be06e5ad4b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14135,6 +14135,17 @@ run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ -c "Selected key exchange mode: psk$" \ -c "HTTP/1.0 200 OK" +# Legacy_compression_methods testing + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +run_test "ClientHello parse handle Legacy_compression_methods" \ + "$P_SRV debug_level=3" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ + 0 \ + -c "Handshake was completed" + # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_MEMORY_DEBUG From dc99c890a6c050f6abf8579b983c2d7bb53e9b6b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Mon, 15 Jul 2024 17:25:04 +0000 Subject: [PATCH 006/124] Improve legacy compression regression testing Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index be06e5ad4b..7a35c43d40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14138,13 +14138,25 @@ run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ # Legacy_compression_methods testing requires_gnutls +requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "ClientHello parse handle Legacy_compression_methods" \ +run_test "TLS 1.2 ClientHello indicating support for deflate compression method (fallback from TLS 1.3)" \ "$P_SRV debug_level=3" \ "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ 0 \ - -c "Handshake was completed" + -c "Handshake was completed" \ + -s "dumping .client hello, compression. (2 bytes)" + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "TLS 1.2 ClientHello indicating support for deflate compression method" \ + "$P_SRV debug_level=3" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ + 0 \ + -c "Handshake was completed" \ + -s "dumping .client hello, compression. (2 bytes)" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 835483335e34d33563b9b4644730dca497c338a3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 16 Jul 2024 10:32:03 +0000 Subject: [PATCH 007/124] Remove redundant legacy compression test Signed-off-by: Waleed Elmelegy --- tests/ssl-opt.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7a35c43d40..1c969e4e92 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -14137,17 +14137,6 @@ run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ # Legacy_compression_methods testing -requires_gnutls -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -run_test "TLS 1.2 ClientHello indicating support for deflate compression method (fallback from TLS 1.3)" \ - "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \ - 0 \ - -c "Handshake was completed" \ - -s "dumping .client hello, compression. (2 bytes)" - requires_gnutls requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 03d62b1958419903c766850294dbec8270e6f309 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 19:31:57 +0100 Subject: [PATCH 008/124] Add psa_key_agreement_iop_t structs and docs Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 42 +++++++++++++++++++++++ tf-psa-crypto/include/psa/crypto_struct.h | 34 ++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 3525da221f..7a48e3eff0 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4810,6 +4810,48 @@ psa_status_t psa_verify_hash_abort( psa_verify_hash_interruptible_operation_t *operation); +/**@}*/ + +/**@}*/ + +/** + * \defgroup interruptible_key_agreement Interruptible Key Agreement + * @{ + */ + +/** + * The type of the state data structure for interruptible key agreement + * operations. + * + * Before calling any function on an interruptible key agreement object, the + * application must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_key_agreement_iop_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_key_agreement_iop_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_KEY_AGREEMENT_IOP_INIT, + * for example: + * - \code + * psa_key_agreement_iop_t operation = PSA_KEY_AGREEMENT_IOP_INIT; + * \endcode + * - Assign the result of the function psa_key_agreement_iop_init() to the + * structure, for example: + * \code + * psa_key_agreement_iop_t operation; + * operation = psa_key_agreement_iop_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. + */ +typedef struct psa_key_agreement_iop_s psa_key_agreement_iop_t; + /**@}*/ #ifdef __cplusplus diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h index 3913551aa8..4a6c9fe7bb 100644 --- a/tf-psa-crypto/include/psa/crypto_struct.h +++ b/tf-psa-crypto/include/psa/crypto_struct.h @@ -494,6 +494,40 @@ psa_verify_hash_interruptible_operation_init(void) return v; } +/** + * \brief The context for PSA interruptible key agreement. + */ +struct psa_key_agreement_iop_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else + /** + * Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). + */ + unsigned int MBEDTLS_PRIVATE(id); + +#endif +}; + +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_KEY_AGREEMENT_IOP_INIT { 0 } +#else +#define PSA_KEY_AGREEMENT_IOP_INIT { 0 } +#endif + +static inline struct psa_key_agreement_iop_s +psa_key_agreement_iop_init(void) +{ + const struct psa_key_agreement_iop_s v = PSA_KEY_AGREEMENT_IOP_INIT; + + return v; +} + #ifdef __cplusplus } #endif From d791062fee1da5171caaf9ca967e59a9555a1524 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 19:33:17 +0100 Subject: [PATCH 009/124] Add psa_key_agreement_iop_get_num_ops() docs Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 10 ++++++++++ tf-psa-crypto/include/psa/crypto.h | 25 +++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 95baff6a0f..9e98cc1296 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -592,5 +592,15 @@ exit: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ +/****************************************************************/ +/* Interruptible ECC Key Agreement */ +/****************************************************************/ + +uint32_t psa_key_agreement_iop_get_num_ops( + psa_key_agreement_iop_t *operation) +{ + (void) operation; + return 0; +} #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 7a48e3eff0..75ea8fe7fe 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4852,6 +4852,31 @@ psa_status_t psa_verify_hash_abort( */ typedef struct psa_key_agreement_iop_s psa_key_agreement_iop_t; +/** + * \brief Get the number of ops that a key agreement + * operation has taken so far. If the operation has + * completed, then this will represent the number of + * ops required for the entire operation. + * After initialization or calling \c + * psa_key_agreement_iop_abort() on the operation, + * a value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c psa_key_agreement_iop_t to use. This must + * be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); + /**@}*/ #ifdef __cplusplus From 2dc58fe717f40c0a7f83fda3dfec0f965d79cde4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:30:36 +0100 Subject: [PATCH 010/124] Add psa_key_agreement_iop_setup() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 18 ++++ tf-psa-crypto/include/psa/crypto.h | 158 ++++++++++++++++++++++++++++ 2 files changed, 176 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 9e98cc1296..ce119e258f 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -603,4 +603,22 @@ uint32_t psa_key_agreement_iop_get_num_ops( return 0; } +psa_status_t psa_key_agreement_iop_setup( + psa_key_agreement_iop_t *operation, + psa_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg, + const psa_key_attributes_t *attributes) +{ + (void) operation; + (void) private_key; + (void) peer_key; + (void) peer_key_length; + (void) alg; + (void) attributes; + + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 75ea8fe7fe..c43f674c63 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4877,6 +4877,164 @@ typedef struct psa_key_agreement_iop_s psa_key_agreement_iop_t; */ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); +/** + * \brief Start a key agreement operation, in an + * interruptible manner. + * + * \see \c psa_key_agreement_iop_complete() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_key_agreement_iop_complete() is equivalent + * to \c psa_key_agreement() but \c + * psa_key_agreement_iop_complete() can return + * early and resume according to the limit set with + * \c psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function. + * + * \note Users should call + * \c psa_key_agreement_iop_complete() repeatedly + * on the same operation object after a successful + * call to this function until \c + * psa_key_agreement_iop_complete() either returns + * 0 or an error. + * \c psa_key_agreement_iop_complete() will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_key_agreement_iop_abort() at any point + * if they no longer want the result. + * + * \note If this function returns an error status, the + * operation enters an error state and must be + * aborted by calling \c + * psa_key_agreement_iop_abort(). + * + * \param[in, out] operation The \c psa_key_agreement_iop_t to use. This must + * be initialized as per the documentation for + * \c psa_key_agreement_iop_t, and be inactive. + + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param[in] peer_key Public key of the peer. It must be in the + * same format that psa_import_key() accepts. The + * standard formats for public keys are documented + * in the documentation of psa_export_public_key(). + * The peer key data is parsed with the type + * #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) where + * type is the type of \p private_key, and with the + * same bit-size as \p private_key. + * \param peer_key_length Size of \p peer_key in bytes. + * + * \param alg The key agreement algorithm to compute + * (a \c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true). + * + * \param[in] attributes The attributes for the new key. + * This function uses the attributes as follows: + * * The key type must be one of + * `PSA_KEY_TYPE_DERIVE`,`PSA_KEY_TYPE_RAW_DATA`, + * `PSA_KEY_TYPE_HMAC`, or + * `PSA_KEY_TYPE_PASSWORD`. + * * Implementations must support the + * `PSA_KEY_TYPE_DERIVE` and + * `PSA_KEY_TYPE_RAW_DATA` key types. + * * The size of the returned key is always the + * bit-size of the shared secret, rounded up to a + * whole number of bytes. The key size in \p + * attributes can be zero; if it is nonzero, it + * must be equal to the output size of the key + * agreement, in bits. + * * The output size, in bits, of the key agreement + * is #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, + * bits), where type and bits are the type and + * bit-size of \p private_key. + * * The key permitted-algorithm policy is required + * for keys that will be used for a cryptographic + * operation. The key usage flags define what + * operations are permitted with the key. The key + * lifetime and identifier are required for a + * persistent key. + * + * \note \p attributes is an input parameter, it is not + * updated with the final key attributes. The final + * attributes of the new key can be queried by + * calling `psa_get_key_attributes()` with + * the key's identifier. + * + * \retval #PSA_SUCCESS + * The operation started successfully - please call \c + * psa_key_agreement_iop_complete() with the same context to complete + * the operation. + * + * \retval #PSA_ERROR_BAD_STATE + * Another operation has already been started on this context, and is + * still in progress. + * + * \retval #PSA_ERROR_NOT_PERMITTED + * The following conditions can result in this error: + * * Either the \p private_key does not have the #PSA_KEY_USAGE_DERIVE` + * flag, or it does not permit the requested algorithm. + * * The implementation does not permit creating a key with the + * specified attributes due to some implementation-specific policy. + * + * \retval #PSA_ERROR_INVALID_HANDLE + * \p private_key is not a valid key identifier. + * + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is already + * a persistent key with the given identifier. + * + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The following conditions can result in this error: + * * \p alg is not a key agreement algorithm. + * * \p private_key is not compatible with \p alg. + * * \p peer_key is not a valid public key corresponding to + * \p private_key. + * * The output key attributes in \p attributes are not valid: + * - The key type is not valid for key agreement output. + * - The key size is nonzero, and is not the size of the shared + * secret. + * - The key lifetime is invalid. + * - The key identifier is not valid for the key lifetime. + * - The key usage flags include invalid values. + * - The key's permitted-usage algorithm is invalid. + * - The key attributes, as a whole, are invalid. + * + * \retval #PSA_ERROR_NOT_SUPPORTED + * The following conditions can result in this error: + * * \p alg is not supported or is not a key agreement algorithm. + * * \p private_key is not supported for use with \p alg. The output + * key attributes, as a whole, are not supported, either by the + * implementation in general or in the specified storage location. + * + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The following conditions can result in this error: + * * The library has not been previously initialized by + * \c psa_crypto_init(). It is implementation-dependent whether a + * failure to initialize results in this error code. + * * The operation state is not valid: it must be inactive. + */ + +psa_status_t psa_key_agreement_iop_setup( + psa_key_agreement_iop_t *operation, + psa_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg, + const psa_key_attributes_t *attributes); + /**@}*/ #ifdef __cplusplus From b06727e463a2af1f30c1dd2b37a87dba3d971d2d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:31:55 +0100 Subject: [PATCH 011/124] Add psa_key_agreement_iop_complete() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 10 ++++ tf-psa-crypto/include/psa/crypto.h | 82 +++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index ce119e258f..948e14675b 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -621,4 +621,14 @@ psa_status_t psa_key_agreement_iop_setup( return PSA_SUCCESS; } +psa_status_t psa_key_agreement_iop_complete( + psa_key_agreement_iop_t *operation, + psa_key_id_t *key) +{ + (void) operation; + (void) key; + + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index c43f674c63..7ec865a9ad 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5035,6 +5035,88 @@ psa_status_t psa_key_agreement_iop_setup( psa_algorithm_t alg, const psa_key_attributes_t *attributes); +/** + * \brief Continue and eventually complete the action of + * key agreement, in an interruptible + * manner. + * + * \see \c psa_key_agreement_iop_setup() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_key_agreement_iop_setup() is equivalent to + * \c psa_key_agreement() but this + * function can return early and resume according + * to the limit set with \c + * psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function call. + * + * \note Users should call this function on the same + * operation object repeatedly until it either + * returns 0 or an error. This function will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_key_agreement_iop_abort() at any point if + * they no longer want the result. + * + * \note When this function returns successfully, the + * operation becomes inactive. If this function + * returns an error status, the operation enters an + * error state and must be aborted by calling + * \c psa_key_agreement_iop_abort(). + * + * \param[in, out] operation The \c psa_key_agreement_iop_t to use. This must + * be initialized first, and have had \c + * psa_key_agreement_iop_start() called with it + * first. + * + * \param[out] key On success, an identifier for the newly created + * key, on failure this will be set to + * #PSA_KEY_ID_NULL. + * + * \retval #PSA_SUCCESS + * The operation is complete and \p key contains the shared secret. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(). There is still work to be done. + * Call this function again with the same operation object. + * + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is already a + * persistent key with the given identifier. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_BAD_STATE + * An operation was not previously started on this context via + * \c psa_key_agreement_iop_start(). + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The following conditions can result in this error: + * * The library has not been previously initialized by + * \c psa_crypto_init(). It is implementation-dependent whether a + * failure to initialize results in this error code. + * * The operation state is not valid: it must be inactive. + */ +psa_status_t psa_key_agreement_iop_complete( + psa_key_agreement_iop_t *operation, + psa_key_id_t *key); + /**@}*/ #ifdef __cplusplus From 088fd7ec852b3a2db0de73b03de1a562cfa29f5d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:40:16 +0100 Subject: [PATCH 012/124] Add psa_key_agreement_iop_abort() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 7 +++++ tf-psa-crypto/include/psa/crypto.h | 41 +++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 948e14675b..096bc116b2 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -631,4 +631,11 @@ psa_status_t psa_key_agreement_iop_complete( return PSA_SUCCESS; } +psa_status_t psa_key_agreement_iop_abort( + psa_key_agreement_iop_t *operation) +{ + (void) operation; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 7ec865a9ad..eaac3585c2 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5117,6 +5117,47 @@ psa_status_t psa_key_agreement_iop_complete( psa_key_agreement_iop_t *operation, psa_key_id_t *key); +/** + * \brief Abort a key agreement operation. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function is the only function that clears + * the number of ops completed as part of the + * operation. Please ensure you copy this value via + * \c psa_key_agreement_iop_get_num_ops() if + * required before calling. + * + * \note Aborting an operation frees all + * associated resources except for the operation + * structure itself. Once aborted, the operation + * object can be reused for another operation by + * calling \c psa_key_agreement_iop_setup() again. + * + * \note You may call this function any time after the + * operation object has been initialized. + * In particular, calling \c + * psa_key_agreement_iop_abort() after the + * operation has already been terminated by a call + * to \c psa_key_agreement_iop_abort() or + * psa_key_agreement_iop_complete() is safe. + * + * \param[in,out] operation The \c psa_key_agreement_iop_t to use + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by + * \c psa_crypto_init(). It is implementation-dependent whether a + * failure to initialize results in this error code. + */ +psa_status_t psa_key_agreement_iop_abort( + psa_key_agreement_iop_t *operation); + /**@}*/ #ifdef __cplusplus From c884b29b9598184f296bf3dded6dfd6730145fac Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jul 2024 17:32:42 +0100 Subject: [PATCH 013/124] Add generated files for new iop key agreement funcs Signed-off-by: Paul Elliott --- tests/include/test/psa_test_wrappers.h | 21 +++++++++++++++ tests/src/psa_test_wrappers.c | 36 ++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index e6d712bd63..50744392e5 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -441,6 +441,27 @@ psa_status_t mbedtls_test_wrap_psa_import_key( #define psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) \ mbedtls_test_wrap_psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_abort( + psa_key_agreement_iop_t *arg0_operation); +#define psa_key_agreement_iop_abort(arg0_operation) \ + mbedtls_test_wrap_psa_key_agreement_iop_abort(arg0_operation) + +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_complete( + psa_key_agreement_iop_t *arg0_operation, + psa_key_id_t *arg1_key); +#define psa_key_agreement_iop_complete(arg0_operation, arg1_key) \ + mbedtls_test_wrap_psa_key_agreement_iop_complete(arg0_operation, arg1_key) + +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_setup( + psa_key_agreement_iop_t *arg0_operation, + psa_key_id_t arg1_private_key, + const uint8_t *arg2_peer_key, + size_t arg3_peer_key_length, + psa_algorithm_t arg4_alg, + const psa_key_attributes_t *arg5_attributes); +#define psa_key_agreement_iop_setup(arg0_operation, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_alg, arg5_attributes) \ + mbedtls_test_wrap_psa_key_agreement_iop_setup(arg0_operation, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_alg, arg5_attributes) + psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( psa_key_derivation_operation_t *arg0_operation); #define psa_key_derivation_abort(arg0_operation) \ diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 24e05c8c6a..44f9868f82 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -773,6 +773,42 @@ psa_status_t mbedtls_test_wrap_psa_import_key( return status; } +/* Wrapper for psa_key_agreement_iop_abort */ +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_abort( + psa_key_agreement_iop_t *arg0_operation) +{ + psa_status_t status = (psa_key_agreement_iop_abort)(arg0_operation); + return status; +} + +/* Wrapper for psa_key_agreement_iop_complete */ +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_complete( + psa_key_agreement_iop_t *arg0_operation, + psa_key_id_t *arg1_key) +{ + psa_status_t status = (psa_key_agreement_iop_complete)(arg0_operation, arg1_key); + return status; +} + +/* Wrapper for psa_key_agreement_iop_setup */ +psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_setup( + psa_key_agreement_iop_t *arg0_operation, + psa_key_id_t arg1_private_key, + const uint8_t *arg2_peer_key, + size_t arg3_peer_key_length, + psa_algorithm_t arg4_alg, + const psa_key_attributes_t *arg5_attributes) +{ +#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg2_peer_key, arg3_peer_key_length); +#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ + psa_status_t status = (psa_key_agreement_iop_setup)(arg0_operation, arg1_private_key, arg2_peer_key, arg3_peer_key_length, arg4_alg, arg5_attributes); +#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg2_peer_key, arg3_peer_key_length); +#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ + return status; +} + /* Wrapper for psa_key_derivation_abort */ psa_status_t mbedtls_test_wrap_psa_key_derivation_abort( psa_key_derivation_operation_t *arg0_operation) From cae2bed689bd3d940f6e4f3ed9cdca251f17895d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 31 Jul 2024 18:48:34 +0100 Subject: [PATCH 014/124] Remove unneccessary 'Implementation' references These were copied from the PSA docs when they should not have been. Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index eaac3585c2..f0b740eb64 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4938,14 +4938,11 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * `PSA_KEY_TYPE_DERIVE`,`PSA_KEY_TYPE_RAW_DATA`, * `PSA_KEY_TYPE_HMAC`, or * `PSA_KEY_TYPE_PASSWORD`. - * * Implementations must support the - * `PSA_KEY_TYPE_DERIVE` and - * `PSA_KEY_TYPE_RAW_DATA` key types. * * The size of the returned key is always the * bit-size of the shared secret, rounded up to a * whole number of bytes. The key size in \p - * attributes can be zero; if it is nonzero, it - * must be equal to the output size of the key + * attributes can be zero; if it is nonzero, + * it must be equal to the output size of the key * agreement, in bits. * * The output size, in bits, of the key agreement * is #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, @@ -4977,8 +4974,6 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * The following conditions can result in this error: * * Either the \p private_key does not have the #PSA_KEY_USAGE_DERIVE` * flag, or it does not permit the requested algorithm. - * * The implementation does not permit creating a key with the - * specified attributes due to some implementation-specific policy. * * \retval #PSA_ERROR_INVALID_HANDLE * \p private_key is not a valid key identifier. @@ -5022,8 +5017,7 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * \retval #PSA_ERROR_BAD_STATE * The following conditions can result in this error: * * The library has not been previously initialized by - * \c psa_crypto_init(). It is implementation-dependent whether a - * failure to initialize results in this error code. + * \c psa_crypto_init(). * * The operation state is not valid: it must be inactive. */ @@ -5109,8 +5103,7 @@ psa_status_t psa_key_agreement_iop_setup( * \retval #PSA_ERROR_BAD_STATE * The following conditions can result in this error: * * The library has not been previously initialized by - * \c psa_crypto_init(). It is implementation-dependent whether a - * failure to initialize results in this error code. + * \c psa_crypto_init(). * * The operation state is not valid: it must be inactive. */ psa_status_t psa_key_agreement_iop_complete( @@ -5152,8 +5145,7 @@ psa_status_t psa_key_agreement_iop_complete( * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by - * \c psa_crypto_init(). It is implementation-dependent whether a - * failure to initialize results in this error code. + * \c psa_crypto_init(). */ psa_status_t psa_key_agreement_iop_abort( psa_key_agreement_iop_t *operation); From 867815d89daa042e385e642acac3cf6fea458d3a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 31 Jul 2024 18:56:36 +0100 Subject: [PATCH 015/124] Minor formatting fixes Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index f0b740eb64..06ec304b13 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4923,9 +4923,9 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * standard formats for public keys are documented * in the documentation of psa_export_public_key(). * The peer key data is parsed with the type - * #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) where - * type is the type of \p private_key, and with the - * same bit-size as \p private_key. + * #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type) + * where \c type is the type of \p private_key, + * and with the same bit-size as \p private_key. * \param peer_key_length Size of \p peer_key in bytes. * * \param alg The key agreement algorithm to compute @@ -4945,9 +4945,9 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * it must be equal to the output size of the key * agreement, in bits. * * The output size, in bits, of the key agreement - * is #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, - * bits), where type and bits are the type and - * bit-size of \p private_key. + * is #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\c type, + * \c bits), where \c type and \c bits are the + * type and bit-size of \p private_key. * * The key permitted-algorithm policy is required * for keys that will be used for a cryptographic * operation. The key usage flags define what @@ -5068,7 +5068,7 @@ psa_status_t psa_key_agreement_iop_setup( * first. * * \param[out] key On success, an identifier for the newly created - * key, on failure this will be set to + * key. On failure this will be set to * #PSA_KEY_ID_NULL. * * \retval #PSA_SUCCESS From 9bcfd8981e6a0b0922f0d2d14fe588615aa1aa19 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 10:29:24 +0100 Subject: [PATCH 016/124] improve return codes and logic description Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 06ec304b13..8d89204237 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4900,7 +4900,7 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * on the same operation object after a successful * call to this function until \c * psa_key_agreement_iop_complete() either returns - * 0 or an error. + * #PSA_SUCCESS or an error. * \c psa_key_agreement_iop_complete() will return * #PSA_OPERATION_INCOMPLETE if there is more work * to do. Alternatively users can call @@ -5049,10 +5049,10 @@ psa_status_t psa_key_agreement_iop_setup( * maximum time spent in a function call. * * \note Users should call this function on the same - * operation object repeatedly until it either - * returns 0 or an error. This function will return - * #PSA_OPERATION_INCOMPLETE if there is more work - * to do. Alternatively users can call + * operation object repeatedly whilst it returns + * #PSA_OPERATION_INCOMPLETE, stopping when it + * returns either #PSA_SUCCESS or an error. + * Alternatively users can call * \c psa_key_agreement_iop_abort() at any point if * they no longer want the result. * From 8e412871c190733db1151d1d076695dc02ce108f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 11:34:07 +0100 Subject: [PATCH 017/124] Clarify ops used reset logic Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 8d89204237..69b438e146 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4961,6 +4961,12 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * calling `psa_get_key_attributes()` with * the key's identifier. * + * \note This function clears the number of ops completed + * as part of the operation. Please ensure you copy + * this value via + * \c psa_key_agreement_iop_get_num_ops() if + * required before calling. + * * \retval #PSA_SUCCESS * The operation started successfully - please call \c * psa_key_agreement_iop_complete() with the same context to complete @@ -5117,9 +5123,9 @@ psa_status_t psa_key_agreement_iop_complete( * at any point. It is not bound by the usual * interface stability promises. * - * \note This function is the only function that clears - * the number of ops completed as part of the - * operation. Please ensure you copy this value via + * \note This function clears the number of ops completed + * as part of the operation. Please ensure you copy + * this value via * \c psa_key_agreement_iop_get_num_ops() if * required before calling. * From 4b0b35e1d7f609d66eb6fac7970c1e548f59a60d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 11:37:17 +0100 Subject: [PATCH 018/124] Clarify PSA_ERROR_NOT_SUPPORTED error reasons Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 69b438e146..310cfc768d 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5006,10 +5006,8 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * * \retval #PSA_ERROR_NOT_SUPPORTED * The following conditions can result in this error: - * * \p alg is not supported or is not a key agreement algorithm. - * * \p private_key is not supported for use with \p alg. The output - * key attributes, as a whole, are not supported, either by the - * implementation in general or in the specified storage location. + * * \p alg is not supported. + * * \p private_key is not supported for use with \p alg. * * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription From 459448b8cf3876a496533307f7776a4dffb8269c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 11:50:16 +0100 Subject: [PATCH 019/124] Neaten 'Please call next function' docs. Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 310cfc768d..3260620c8c 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4968,9 +4968,9 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * required before calling. * * \retval #PSA_SUCCESS - * The operation started successfully - please call \c - * psa_key_agreement_iop_complete() with the same context to complete - * the operation. + * The operation started successfully. + * Call \c psa_key_agreement_iop_complete() with the same context to + * complete the operation. * * \retval #PSA_ERROR_BAD_STATE * Another operation has already been started on this context, and is From 5238475ac6c459dce281e15c568ee61d71ecff8d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 17:52:51 +0100 Subject: [PATCH 020/124] Update key attribute documentation inline with PSA Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 43 +++++++++++++++--------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 3260620c8c..f90ea4ca1d 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4933,27 +4933,28 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true). * * \param[in] attributes The attributes for the new key. - * This function uses the attributes as follows: - * * The key type must be one of - * `PSA_KEY_TYPE_DERIVE`,`PSA_KEY_TYPE_RAW_DATA`, - * `PSA_KEY_TYPE_HMAC`, or - * `PSA_KEY_TYPE_PASSWORD`. - * * The size of the returned key is always the - * bit-size of the shared secret, rounded up to a - * whole number of bytes. The key size in \p - * attributes can be zero; if it is nonzero, - * it must be equal to the output size of the key - * agreement, in bits. - * * The output size, in bits, of the key agreement - * is #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\c type, - * \c bits), where \c type and \c bits are the - * type and bit-size of \p private_key. - * * The key permitted-algorithm policy is required - * for keys that will be used for a cryptographic - * operation. The key usage flags define what - * operations are permitted with the key. The key - * lifetime and identifier are required for a - * persistent key. + * The following attributes are required for all + * keys: + * * The key type, which must be one of + * #PSA_KEY_TYPE_DERIVE, #PSA_KEY_TYPE_RAW_DATA, + * #PSA_KEY_TYPE_HMAC or #PSA_KEY_TYPE_PASSWORD. + * The following attributes must be set for keys + * used in cryptographic operations: + * * The key permitted-algorithm policy + * * The key usage flags + * The following attributes must be set for keys + * that do not use the default volatile lifetime: + * * The key lifetime + * * The key identifier is required for a key with + * a persistent lifetime + * The following attributes are optional: + * * If the key size is nonzero, it must be equal + * to the output size of the key agreement, + * in bits. + * The output size, in bits, of the key agreement + * is 8 * #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\c + * type, \c bits), where \c type and \c bits are + * the type and bit-size of \p private_key. * * \note \p attributes is an input parameter, it is not * updated with the final key attributes. The final From 623c09a1ebe6f4e0f778f0607f887c62b14214b6 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 18:16:35 +0100 Subject: [PATCH 021/124] Change over to psa_raw_key_agreement psa_key_agreement exists, but only in the PSA spec, we have not implemented it, so refer to the one we actually implemented. Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index f90ea4ca1d..17a39c345e 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4889,7 +4889,7 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * * \note This function combined with \c * psa_key_agreement_iop_complete() is equivalent - * to \c psa_key_agreement() but \c + * to \c psa_raw_key_agreement() but \c * psa_key_agreement_iop_complete() can return * early and resume according to the limit set with * \c psa_interruptible_set_max_ops() to reduce the @@ -5047,7 +5047,7 @@ psa_status_t psa_key_agreement_iop_setup( * * \note This function combined with \c * psa_key_agreement_iop_setup() is equivalent to - * \c psa_key_agreement() but this + * \c psa_raw_key_agreement() but this * function can return early and resume according * to the limit set with \c * psa_interruptible_set_max_ops() to reduce the From 327da4774b040695e26be990c60a48000afb70f3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 18:21:13 +0100 Subject: [PATCH 022/124] Clarify key type support Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 17a39c345e..e5c148dd87 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5009,6 +5009,8 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * The following conditions can result in this error: * * \p alg is not supported. * * \p private_key is not supported for use with \p alg. + * * Only elliptic curve Diffie-Hellman with ECC keys is supported, not + * finite field Diffie_hellman with DH keys. * * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription From e50edc0d954465449be0cde8a0b5a6d37bf6c618 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 1 Aug 2024 18:28:07 +0100 Subject: [PATCH 023/124] Add warning about not using keys directly Keys that are the result of key agreement have biases and really should not be used directly. Warning taken in part from psa_raw_key_agreement() Signed-off-by: Paul Elliott --- tf-psa-crypto/include/psa/crypto.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index e5c148dd87..e840a40cde 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4887,6 +4887,12 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * at any point. It is not bound by the usual * interface stability promises. * + * \warning The raw result of a key agreement algorithm such + * elliptic curve Diffie-Hellman has biases + * and should not be used directly as key material. + * It should instead be passed as input to a key + * derivation algorithm. + * * \note This function combined with \c * psa_key_agreement_iop_complete() is equivalent * to \c psa_raw_key_agreement() but \c From 26561b71222e9e333a52481f63ebba7af7966ae0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 5 Aug 2024 11:22:12 +0100 Subject: [PATCH 024/124] Fix typos Signed-off-by: Janos Follath --- tf-psa-crypto/include/psa/crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index e840a40cde..bc758e644d 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5016,7 +5016,7 @@ uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t *operation); * * \p alg is not supported. * * \p private_key is not supported for use with \p alg. * * Only elliptic curve Diffie-Hellman with ECC keys is supported, not - * finite field Diffie_hellman with DH keys. + * finite field Diffie-Hellman with DH keys. * * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription @@ -5062,7 +5062,7 @@ psa_status_t psa_key_agreement_iop_setup( * maximum time spent in a function call. * * \note Users should call this function on the same - * operation object repeatedly whilst it returns + * operation object repeatedly while it returns * #PSA_OPERATION_INCOMPLETE, stopping when it * returns either #PSA_SUCCESS or an error. * Alternatively users can call From 8dde3b3deca90263cff5e58d894efc004581d85a Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 5 Jul 2024 12:10:21 +0100 Subject: [PATCH 025/124] Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY Signed-off-by: Elena Uziunaite --- library/ssl_misc.h | 4 +- library/ssl_tls.c | 12 +- library/x509_crt.c | 16 +- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 4 +- tests/src/psa_exercise_key.c | 4 +- tests/suites/test_suite_debug.data | 2 +- tests/suites/test_suite_ssl.data | 42 ++-- tests/suites/test_suite_ssl.function | 6 +- .../drivers/builtin/include/mbedtls/oid.h | 4 +- tf-psa-crypto/drivers/builtin/src/oid.c | 4 +- tf-psa-crypto/drivers/builtin/src/pk.c | 28 +-- tf-psa-crypto/drivers/builtin/src/pk_ecc.c | 4 +- .../drivers/builtin/src/pk_internal.h | 10 +- tf-psa-crypto/drivers/builtin/src/pk_wrap.c | 8 +- tf-psa-crypto/drivers/builtin/src/pk_wrap.h | 2 +- tf-psa-crypto/drivers/builtin/src/pkparse.c | 32 +-- tf-psa-crypto/drivers/builtin/src/pkwrite.c | 22 +-- tf-psa-crypto/drivers/builtin/src/pkwrite.h | 6 +- tf-psa-crypto/tests/suites/test_suite_pk.data | 184 +++++++++--------- .../tests/suites/test_suite_pk.function | 12 +- .../tests/suites/test_suite_pkparse.data | 18 +- .../tests/suites/test_suite_pkparse.function | 10 +- .../tests/suites/test_suite_pkwrite.data | 58 +++--- 24 files changed, 248 insertions(+), 248 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5b683bf91d..ade1c27dc4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1576,10 +1576,10 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /** * \brief Return PSA EC info for the specified TLS ID. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bd2f591021..03995488cd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4765,14 +4765,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake->group_list_heap_allocated) { mbedtls_free((void *) handshake->group_list); } handshake->group_list = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -6217,7 +6217,7 @@ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_ return -1; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* * Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id. */ @@ -6231,7 +6231,7 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id return mbedtls_ssl_check_curve_tls_id(ssl, tls_id); } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ static const struct { uint16_t tls_id; @@ -8030,7 +8030,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, * Secondary checks: always done, but change 'ret' only if it was 0 */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) { const mbedtls_pk_context *pk = &chain->pk; @@ -8057,7 +8057,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, } } } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ if (mbedtls_ssl_check_cert_usage(chain, ciphersuite_info, diff --git a/library/x509_crt.c b/library/x509_crt.c index 2fd56fbd79..5060ca330f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -92,7 +92,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Curves at or above 128-bit security level. Note that this selection * should be aligned with ssl_preset_default_curves in ssl_tls.c. */ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | @@ -102,9 +102,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | 0, -#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 0, -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 2048, }; @@ -143,13 +143,13 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = /* Only ECDSA */ MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), -#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 0, -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ 0, }; @@ -219,7 +219,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { @@ -235,7 +235,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, return -1; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ return -1; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index fef5c460d9..ce910c0df0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -249,7 +249,7 @@ int main(void) #define USAGE_ALPN "" #endif /* MBEDTLS_SSL_ALPN */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) #define USAGE_GROUPS \ @@ -1967,7 +1967,7 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) if (opt.groups != NULL && diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 81b125693d..c2f401aefa 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -438,7 +438,7 @@ int main(void) #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) #define USAGE_GROUPS \ @@ -3159,7 +3159,7 @@ usage: } #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH)) if (opt.groups != NULL && diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index b2232764a7..ee8399722c 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -1284,7 +1284,7 @@ int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, break; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -1295,7 +1295,7 @@ int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, pk_public_buffer, sizeof(pk_public_buffer)), 0); pk_public = pk_public_buffer; break; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_USE_PSA_CRYPTO) case MBEDTLS_PK_OPAQUE: diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 1a900799a0..e324365f61 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -63,5 +63,5 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 12969f70de..08057f4055 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -437,87 +437,87 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8da8ed605e..303193af8f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2526,7 +2526,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_HAVE_ECC_KEYS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -2599,7 +2599,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) @@ -2720,7 +2720,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h index fdc25ebf88..03669443cb 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h @@ -557,7 +557,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, const char **oid, size_t *olen); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /** * \brief Translate NamedCurve OID into an EC group identifier * @@ -603,7 +603,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ */ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, const char **oid, size_t *olen); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c index d5490d25fd..71c7365d92 100644 --- a/tf-psa-crypto/drivers/builtin/src/oid.c +++ b/tf-psa-crypto/drivers/builtin/src/oid.c @@ -531,7 +531,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, mbedtls_pk_type_t, pk_alg) -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ @@ -662,7 +662,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid, mbedtls_ecp_group_id, grp_id) -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_CIPHER_C) /* diff --git a/tf-psa-crypto/drivers/builtin/src/pk.c b/tf-psa-crypto/drivers/builtin/src/pk.c index 3fe51ea34f..b97f43816d 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk.c +++ b/tf-psa-crypto/drivers/builtin/src/pk.c @@ -20,7 +20,7 @@ #include "mbedtls/rsa.h" #include "rsa_internal.h" #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include "mbedtls/ecp.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -118,12 +118,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) case MBEDTLS_PK_RSA: return &mbedtls_rsa_info; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: return &mbedtls_eckey_info; case MBEDTLS_PK_ECKEY_DH: return &mbedtls_eckeydh_info; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_PK_ECDSA: return &mbedtls_ecdsa_info; @@ -174,11 +174,11 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, type = psa_get_key_type(&attributes); psa_reset_key_attributes(&attributes); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { info = &mbedtls_ecdsa_opaque_info; } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { info = &mbedtls_rsa_opaque_info; } else { @@ -457,7 +457,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -512,7 +512,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, psa_set_key_algorithm(attributes, alg); break; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) case MBEDTLS_PK_RSA_ALT: @@ -671,7 +671,7 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -724,7 +724,7 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk, return ret; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_USE_PSA_CRYPTO) case MBEDTLS_PK_OPAQUE: @@ -743,7 +743,7 @@ static int import_public_into_psa(const mbedtls_pk_context *pk, psa_key_type_t psa_type = psa_get_key_type(attributes); #if defined(MBEDTLS_RSA_C) || \ - (defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)) || \ defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char key_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; #endif @@ -769,7 +769,7 @@ static int import_public_into_psa(const mbedtls_pk_context *pk, } #endif /*MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -803,7 +803,7 @@ static int import_public_into_psa(const mbedtls_pk_context *pk, #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ break; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_USE_PSA_CRYPTO) case MBEDTLS_PK_OPAQUE: @@ -934,7 +934,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type)) { mbedtls_ecp_group_id grp_id; @@ -965,7 +965,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, goto exit; } } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ { (void) key_bits; return MBEDTLS_ERR_PK_BAD_INPUT_DATA; diff --git a/tf-psa-crypto/drivers/builtin/src/pk_ecc.c b/tf-psa-crypto/drivers/builtin/src/pk_ecc.c index 86218fffc8..707988d2d9 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk_ecc.c +++ b/tf-psa-crypto/drivers/builtin/src/pk_ecc.c @@ -12,7 +12,7 @@ #include "mbedtls/ecp.h" #include "pk_internal.h" -#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(MBEDTLS_PK_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { @@ -252,4 +252,4 @@ int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } -#endif /* MBEDTLS_PK_C && MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_PK_C && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ diff --git a/tf-psa-crypto/drivers/builtin/src/pk_internal.h b/tf-psa-crypto/drivers/builtin/src/pk_internal.h index b728615f94..ab16e90b3e 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk_internal.h +++ b/tf-psa-crypto/drivers/builtin/src/pk_internal.h @@ -13,7 +13,7 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include "mbedtls/ecp.h" #endif @@ -44,7 +44,7 @@ #define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----" #define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----" -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -80,9 +80,9 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) return NULL; } } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id; @@ -183,7 +183,7 @@ int mbedtls_pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, int mbedtls_pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, const unsigned char *prv, size_t prv_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* Helper for (deterministic) ECDSA */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) diff --git a/tf-psa-crypto/drivers/builtin/src/pk_wrap.c b/tf-psa-crypto/drivers/builtin/src/pk_wrap.c index 8710889bbb..a9153a2cd8 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk_wrap.c +++ b/tf-psa-crypto/drivers/builtin/src/pk_wrap.c @@ -505,7 +505,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { }; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* * Generic EC key */ @@ -1263,7 +1263,7 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { .debug_func = eckey_debug, /* Compatible key structures */ }; #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* @@ -1414,7 +1414,7 @@ static size_t opaque_get_bitlen(mbedtls_pk_context *pk) return bits; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) static int ecdsa_opaque_can_do(mbedtls_pk_type_t type) { return type == MBEDTLS_PK_ECKEY || @@ -1449,7 +1449,7 @@ const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info = { .ctx_free_func = NULL, .debug_func = NULL, }; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ static int rsa_opaque_can_do(mbedtls_pk_type_t type) { diff --git a/tf-psa-crypto/drivers/builtin/src/pk_wrap.h b/tf-psa-crypto/drivers/builtin/src/pk_wrap.h index be096da53a..5f5f6b0160 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk_wrap.h +++ b/tf-psa-crypto/drivers/builtin/src/pk_wrap.h @@ -108,7 +108,7 @@ typedef struct { extern const mbedtls_pk_info_t mbedtls_rsa_info; #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) extern const mbedtls_pk_info_t mbedtls_eckey_info; extern const mbedtls_pk_info_t mbedtls_eckeydh_info; #endif diff --git a/tf-psa-crypto/drivers/builtin/src/pkparse.c b/tf-psa-crypto/drivers/builtin/src/pkparse.c index 4f6ee13986..3419ad90cc 100644 --- a/tf-psa-crypto/drivers/builtin/src/pkparse.c +++ b/tf-psa-crypto/drivers/builtin/src/pkparse.c @@ -42,7 +42,7 @@ #include "mbedtls/pkcs12.h" #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /*********************************************************************** * @@ -460,7 +460,7 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* Get a PK algorithm identifier * @@ -483,7 +483,7 @@ static int pk_get_pk_alg(unsigned char **p, } ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); if (ret == 0) { @@ -567,7 +567,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -582,7 +582,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, *p += end - *p; } } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if (ret == 0 && *p != end) { @@ -597,7 +597,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, return ret; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* * Parse a SEC1 encoded private EC key */ @@ -718,7 +718,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, return 0; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /*********************************************************************** * @@ -753,7 +753,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; const mbedtls_pk_info_t *pk_info; -#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) (void) f_rng; (void) p_rng; #endif @@ -818,7 +818,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -840,7 +840,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; end = p + len; @@ -1018,7 +1018,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; @@ -1047,7 +1047,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { return ret; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { @@ -1151,7 +1151,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && pk_parse_key_sec1_der(pk, @@ -1159,13 +1159,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, return 0; } mbedtls_pk_free(pk); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't, + /* If MBEDTLS_RSA_C is defined but PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY isn't, * it is ok to leave the PK context initialized but not * freed: It is the caller's responsibility to call pk_init() * before calling this function, and to call pk_free() - * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C + * when it fails. If PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY is defined but MBEDTLS_RSA_C * isn't, this leads to mbedtls_pk_free() being called * twice, once here and once by the caller, but this is * also ok and in line with the mbedtls_pk_free() calls diff --git a/tf-psa-crypto/drivers/builtin/src/pkwrite.c b/tf-psa-crypto/drivers/builtin/src/pkwrite.c index 5e009c565e..8c01b440ae 100644 --- a/tf-psa-crypto/drivers/builtin/src/pkwrite.c +++ b/tf-psa-crypto/drivers/builtin/src/pkwrite.c @@ -23,10 +23,10 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include "pk_internal.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(MBEDTLS_RSA_C) || defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include "pkwrite.h" #endif #if defined(MBEDTLS_PEM_WRITE_C) @@ -85,7 +85,7 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, /****************************************************************************** * Internal functions for EC keys. ******************************************************************************/ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) @@ -343,7 +343,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, return (int) len; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /****************************************************************************** * Internal functions for Opaque keys. @@ -419,7 +419,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); } else #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); } else @@ -468,7 +468,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = pk_get_type_ext(key); -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { mbedtls_ecp_group_id ec_grp_id = mbedtls_pk_get_ec_group_id(key); if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -481,7 +481,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); } } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* At this point oid_len is not null only for EC Montgomery keys. */ if (oid_len == 0) { @@ -516,7 +516,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { @@ -525,7 +525,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ return pk_write_ec_der(&c, buf, key); } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } @@ -589,7 +589,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, end = PEM_END_PRIVATE_KEY_RSA "\n"; } else #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) if (pk_get_type_ext(key) == MBEDTLS_PK_ECKEY) { if (mbedtls_pk_is_rfc8410(key)) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8 "\n"; @@ -599,7 +599,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, end = PEM_END_PRIVATE_KEY_EC "\n"; } } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ { ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; goto cleanup; diff --git a/tf-psa-crypto/drivers/builtin/src/pkwrite.h b/tf-psa-crypto/drivers/builtin/src/pkwrite.h index 01dc3d2f0f..f7fb18aa4f 100644 --- a/tf-psa-crypto/drivers/builtin/src/pkwrite.h +++ b/tf-psa-crypto/drivers/builtin/src/pkwrite.h @@ -65,7 +65,7 @@ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Find the maximum number of bytes necessary to store an EC point. When USE_PSA * is defined this means looking for the maximum between PSA and built-in @@ -103,12 +103,12 @@ */ #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_PK_MAX_ECC_BYTES) -#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* Define the maximum available public key DER length based on the supported * key types (EC and/or RSA). */ diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.data b/tf-psa-crypto/tests/suites/test_suite_pk.data index 34c6e972bf..3730f21249 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.data +++ b/tf-psa-crypto/tests/suites/test_suite_pk.data @@ -27,19 +27,19 @@ depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:1030:1030:(1030 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" PK utils: ECKEY_DH SECP192R1 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" PK utils: ECKEY_DH Curve25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" PK utils: ECKEY_DH Curve448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" PK utils: ECDSA SECP192R1 @@ -303,11 +303,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) @@ -431,7 +431,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SE pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0 EC_DH (no) sign-verify: SECP192R1 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify, PKCS1v1.5, SHA1 @@ -495,11 +495,11 @@ depends_on:MBEDTLS_PKCS1_V15 pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":MBEDTLS_RSA_PKCS_V15:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING EC nocrypt -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_ec_nocrypt:MBEDTLS_PK_ECKEY EC-DH nocrypt -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH ECDSA nocrypt @@ -595,11 +595,11 @@ depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_256 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PEM_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"../../framework/data_files/ec_256_pub.pem":"../../framework/data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PEM_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"../../framework/data_files/ec_256_pub.pem":"../../framework/data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) @@ -611,7 +611,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"../../framework/data_files/server1.pubkey":"../../framework/data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED Check pair #5 (RSA vs EC) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"../../framework/data_files/ec_256_pub.pem":"../../framework/data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH RSA hash_len overflow (size_t vs unsigned int) @@ -895,171 +895,171 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DECRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA pair ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public ENCRYPT (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DERIVE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECKEY_DH pair DERIVE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH PSA attributes for pk: ECDSA pair DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public DERIVE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair SIGN_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair SIGN_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair SIGN_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY pair->public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA pair->public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_MESSAGE -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECDSA public VERIFY_HASH -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECDSA public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) @@ -1152,51 +1152,51 @@ depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, ... & DERIVE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 PSA import into PSA: RSA pair to ECC (bad) @@ -1223,99 +1223,99 @@ depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: ECKEY pair to RSA (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to RSA (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to RSA (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to public, different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to public, different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to public, different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to different curve (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY pair to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH pair to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA pair to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY private to public, different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH private to public, different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA private to public, different bits (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY public to pair (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECKEY_DH public to pair (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: ECDSA public to pair (bad) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: transparent -> volatile pair @@ -1666,9 +1666,9 @@ depends_on:MBEDTLS_RSA_C pk_copy_public_from_psa:"308204a40201000282010100ef24d80f6b7a0f62ab2f750a8370c1c39781abe2f7ae5cbc698ebbc51067af68c8b02e5bfafe0b296a2fdca8ee5327bf3370bd26c529d173c4356d8ad51f606ac730e3be509d8535c9c51927222d6c4e770efec4d9b0bd11410e5e2e01e093700d358aab8292297483c65870ea6d4ca9299f4347790f6223480732726a97b34bb4d53cb3f188e3c97115b029fa9a2cce4c6d935977a90737ac8b2a2c5691ad928b22681ca05ee38ddba2278c854f51281c5e4856090aca59bf719a167e63bb932580ae2b599e1a297194696e637a919bc9d2caf214e59d46ed1a12e591b608f2031744111551430d9ac39082957ae1ce03a88068896701e6ce19a83890ff5761020301000102820100706fb53a02c13fcc9749d7d09a9e002c12e6bfc715c6a00961e3defab74cd896fe8c7f2f75e1cda3aa2e58a400718e65822d0671dd0f5d4ffdb7550a8a4b974c7cdccaa72745f864a2ba0daa6d9247b2d89d6f41644c89883c3b2222a5754e3cc7a91dcaa7b84acf6249763998aeccf558016e638352ad44835006f2ee94e691d0070ce561677f2a22a12f357bd762c57f80f1f4921f0f26b3ed758478d11086c182874355ef5039e8d854291b9ce7f8b284ec81f141b7255313507f5ea159d6b1c0ee176e7743d3c65d536e1e4aaf24089c1e00c8021012b8846a4971a0695030504ace362077e8b2fcb4fbdd70bfb734a3fe7d9e1a25bdd0cb0f2fcb56ecc502818100f8fdfbac1c033911b5a184980d081f700f4d450cebf18cbdc68f160a5abd580e6f8f5800fd0b60521dbe2d549e82617afe70d2ad004c2f45405d94e4418e8c2b8da6bcaa407bbfa5477b5a6fceccfcb99f51c6c16bd17202d997bdcaec83b870e3e101acc05e0754020ec207ef5ec9934ac81cd617af72cd94b2bb400eb2078302818100f5dfe74a548c04950178f50130d5aadbe5d1f4b52527c0bfad9aa0d73731fb24219cb5ea5c4b4fa56133d5ea9225fa7d0ccc9bdcc78b77303a2e73c17e9a46b9b09020604496a849f069d0d87713e06a5d374271b2629f5ba220506b606a101828d20da9fcfa3a7e75b135987260be6d37622fc3f4bf4fd2dfd9655da5ff0c4b02818100d4d797c959f0cf59fa1f65ceec64e32ad189c5daf3ddf9e747d28c8eb15e65e5812bd19896b6a0d1d126fe6cf54a92b5a6c71ef04feed001acb1d253044f2c3716d14f396201e6a30c65bfbb0fd65ebaf61bdb80ffff7c2c3f80dcf69813491907531231700770d0392a1066e411ecd201fce9d98149b32355572b85e889faad028181009d898bc165709d52f7b18f91e6bf508d3ab08ed12df04da0c2d40b7039ce4d72b61299c082c8424cdd7dfff71f13346ec12fac42069cc68e6108f86427012485bfaa6904258e3e5fb9a9a305bf2e3e21087eea94bcce51fabd63650397affd85ed49c1358480b3cfe90ad5234b4dcf555d220d26c9ff765ecfcc94152fd1be070281804bf77b4bae8386772de830cc75f2d1d4b8221b3f817208e08c002ac0549902677e4f0e7bce5ba1b3da74fbbe138758e6853b4a5b7bf0672bc1170c64fa502a5e24e3472db433b4e30761eab6ebb9e207235fd88b97b1b30e14f364b628219d6e17056543a4e29a4de1e41ad37927ce23d0442623744bc35a1874296960029044":PSA_KEY_TYPE_RSA_KEY_PAIR Copy from PSA: non-exportable -> public, SECP_R1_256 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 pk_copy_public_from_psa:"587CF7C57EB7C6254CBF80CC59846521B4FBCBA8BC4B362A9B043F0DEB49CCA1":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) Copy from PSA: non-exportable -> public, Curve25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_copy_public_from_psa:"a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY) diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.function b/tf-psa-crypto/tests/suites/test_suite_pk.function index f91001bb59..18acabc22f 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.function +++ b/tf-psa-crypto/tests/suites/test_suite_pk.function @@ -424,7 +424,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -454,7 +454,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1, #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } break; -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ default: TEST_FAIL("Unsupported pk type in pk_public_same"); @@ -523,7 +523,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: @@ -552,7 +552,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, } break; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ default: TEST_FAIL("Unknown PK type in test data"); @@ -2524,13 +2524,13 @@ void pk_copy_from_psa_fail(void) psa_destroy_key(key_id); #endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && defined(PSA_WANT_ECC_SECP_R1_256) /* Generate an EC key which cannot be exported. */ PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); psa_destroy_key(key_id); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && PSA_WANT_ECC_SECP_R1_256 */ exit: mbedtls_pk_free(&pk_ctx); diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.data b/tf-psa-crypto/tests/suites/test_suite_pkparse.data index d988e6f9f5..f528c14b83 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkparse.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.data @@ -1033,7 +1033,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_MONTGOMERY_448 pk_parse_public_keyfile_ec:"../../framework/data_files/ec_x448_pub.pem":0 Parse EC Key #1 (SEC1 DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_parse_keyfile_ec:"../../framework/data_files/ec_prv.sec1.der":"NULL":0 Parse EC Key #2 (SEC1 PEM) @@ -1163,38 +1163,38 @@ Key ASN1 (First tag not Sequence) pk_parse_key:"020100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (ECPrivateKey, empty parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with NULL private key) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier) pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (Encrypted key PKCS5, trailing garbage data) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_key_encrypted:"307C304006092A864886F70D01050D3033301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC3949100438AD100BAC552FD0AE70BECAFA60F5E519B6180C77E8DB0B9ECC6F23FEDD30AB9BDCA2AF9F97BC470FC3A82DCA2364E22642DE0AF9275A82CB":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH Key ASN1 (Encrypted key PKCS12, trailing garbage data) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_MD_CAN_SHA1:MBEDTLS_CIPHER_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C pk_parse_key_encrypted:"3058301C060A2A864886F70D010C0103300E0409CCCCCCCCCCCCCCCCCC02010A04380A8CAF39C4FA001884D0583B323C5E70942444FBE1F650B92F8ADF4AD7BD5049B4748F53A2531139EBF253FE01E8FC925C82C759C944B4D0":"AAAAAAAAAAAAAAAAAA":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH # From RFC8410 Appendix A but made into version 0 diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.function b/tf-psa-crypto/tests/suites/test_suite_pkparse.function index 63ff092160..2aea1b8106 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkparse.function +++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.function @@ -81,7 +81,7 @@ exit: return ok; } -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Whether a pk key can do ECDSA. Opaque keys are not supported since this * test suite does not create opaque keys. */ static int pk_can_ecdsa(const mbedtls_pk_context *ctx) @@ -100,7 +100,7 @@ static int pk_can_ecdsa(const mbedtls_pk_context *ctx) return 0; #endif } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ #endif /* MBEDTLS_PSA_CRYPTO_C && && MBEDTLS_FS_IO */ /* END_HEADER */ @@ -194,7 +194,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ void pk_parse_public_keyfile_ec(char *key_file, int result) { mbedtls_pk_context ctx; @@ -234,7 +234,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ void pk_parse_keyfile_ec(char *key_file, char *password, int result) { mbedtls_pk_context ctx; @@ -310,7 +310,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PK_WRITE_C */ +/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_WRITE_C */ void pk_parse_fix_montgomery(data_t *input_key, data_t *exp_output) { /* Montgomery keys have specific bits set to either 0 or 1 depending on diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data index 0397349311..4f00e46818 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data @@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_192 pk_write_pubkey_check:"../../framework/data_files/ec_pub.pem":TEST_PEM Public key write check EC 192 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_write_pubkey_check:"../../framework/data_files/ec_pub.der":TEST_DER Public key write check EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_pubkey_check:"../../framework/data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 pk_write_pubkey_check:"../../framework/data_files/ec_521_pub.der":TEST_DER Public key write check EC Brainpool 512 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.pem":TEST_PEM Public key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512 pk_write_pubkey_check:"../../framework/data_files/ec_bp512_pub.der":TEST_DER Public key write check EC X25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 pk_write_pubkey_check:"../../framework/data_files/ec_x25519_pub.pem":TEST_PEM Public key write check EC X25519 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_write_pubkey_check:"../../framework/data_files/ec_x25519_pub.der":TEST_DER Public key write check EC X448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 pk_write_pubkey_check:"../../framework/data_files/ec_x448_pub.pem":TEST_PEM Public key write check EC X448 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 pk_write_pubkey_check:"../../framework/data_files/ec_x448_pub.der":TEST_DER Private key write check RSA @@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"../../framework/data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_192 pk_write_key_check:"../../framework/data_files/ec_prv.sec1.pem":TEST_PEM Private key write check EC 192 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_write_key_check:"../../framework/data_files/ec_prv.sec1.der":TEST_DER Private key write check EC 256 bits (top bit set) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP256R1 pk_write_key_check:"../../framework/data_files/ec_256_long_prv.pem":TEST_PEM Private key write check EC 256 bits (top bit set) (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP256R1 pk_write_key_check:"../../framework/data_files/ec_256_long_prv.der":TEST_DER Private key write check EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../../framework/data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../../framework/data_files/ec_521_prv.der":TEST_DER Private key write check EC 521 bits (top byte is 0) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../../framework/data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../../framework/data_files/ec_521_short_prv.der":TEST_DER Private key write check EC Brainpool 512 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 pk_write_key_check:"../../framework/data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512 pk_write_key_check:"../../framework/data_files/ec_bp512_prv.der":TEST_DER Private key write check EC X25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 pk_write_key_check:"../../framework/data_files/ec_x25519_prv.pem":TEST_PEM Private key write check EC X25519 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_write_key_check:"../../framework/data_files/ec_x25519_prv.der":TEST_DER Private key write check EC X448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 pk_write_key_check:"../../framework/data_files/ec_x448_prv.pem":TEST_PEM Private key write check EC X448 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 pk_write_key_check:"../../framework/data_files/ec_x448_prv.der":TEST_DER Derive public key RSA @@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"../../framework/data_files/rsa4096_prv.der":"../../framework/data_files/rsa4096_pub.der" Derive public key EC 192 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_192 pk_write_public_from_private:"../../framework/data_files/ec_prv.sec1.der":"../../framework/data_files/ec_pub.der" Derive public key EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 pk_write_public_from_private:"../../framework/data_files/ec_521_prv.der":"../../framework/data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512 pk_write_public_from_private:"../../framework/data_files/ec_bp512_prv.der":"../../framework/data_files/ec_bp512_pub.der" Derive public key EC X25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 pk_write_public_from_private:"../../framework/data_files/ec_x25519_prv.der":"../../framework/data_files/ec_x25519_pub.der" Derive public key EC X448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 pk_write_public_from_private:"../../framework/data_files/ec_x448_prv.der":"../../framework/data_files/ec_x448_pub.der" From 72a88e7255757623151c62cd3fdf15e5fde6ed6e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:07:16 +0100 Subject: [PATCH 026/124] Remove MBEDTLS_MD5_PROCESS_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/md5.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 0f1b54e226..a256c36211 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -387,7 +387,6 @@ * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ -//#define MBEDTLS_MD5_PROCESS_ALT //#define MBEDTLS_RIPEMD160_PROCESS_ALT //#define MBEDTLS_SHA1_PROCESS_ALT //#define MBEDTLS_SHA256_PROCESS_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c index e11e078095..98b8ee4e9c 100644 --- a/tf-psa-crypto/drivers/builtin/src/md5.c +++ b/tf-psa-crypto/drivers/builtin/src/md5.c @@ -58,7 +58,6 @@ int mbedtls_md5_starts(mbedtls_md5_context *ctx) return 0; } -#if !defined(MBEDTLS_MD5_PROCESS_ALT) int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, const unsigned char data[64]) { @@ -193,8 +192,6 @@ int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, return 0; } -#endif /* !MBEDTLS_MD5_PROCESS_ALT */ - /* * MD5 process buffer */ From 64988680c5521fc9f46fb69ce485b14986928c58 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:08:38 +0100 Subject: [PATCH 027/124] Remove MBEDTLS_RIPEMD160_PROCESS_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/ripemd160.c | 4 ---- 2 files changed, 5 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a256c36211..28f0a0056e 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -387,7 +387,6 @@ * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ -//#define MBEDTLS_RIPEMD160_PROCESS_ALT //#define MBEDTLS_SHA1_PROCESS_ALT //#define MBEDTLS_SHA256_PROCESS_ALT //#define MBEDTLS_SHA512_PROCESS_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c index 96b546654f..835df9528a 100644 --- a/tf-psa-crypto/drivers/builtin/src/ripemd160.c +++ b/tf-psa-crypto/drivers/builtin/src/ripemd160.c @@ -59,8 +59,6 @@ int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx) return 0; } - -#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT) /* * Process one block */ @@ -256,8 +254,6 @@ int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, return 0; } -#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ - /* * RIPEMD-160 process buffer */ From 2106f79c493ecd63e19040262ab22f0e5e458378 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:10:58 +0100 Subject: [PATCH 028/124] Remove MBEDTLS_SHA1_PROCESS_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/sha1.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 28f0a0056e..e43c12d7e5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -387,7 +387,6 @@ * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ -//#define MBEDTLS_SHA1_PROCESS_ALT //#define MBEDTLS_SHA256_PROCESS_ALT //#define MBEDTLS_SHA512_PROCESS_ALT //#define MBEDTLS_DES_SETKEY_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c index c8d2852d45..b13381d30a 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha1.c +++ b/tf-psa-crypto/drivers/builtin/src/sha1.c @@ -59,7 +59,6 @@ int mbedtls_sha1_starts(mbedtls_sha1_context *ctx) return 0; } -#if !defined(MBEDTLS_SHA1_PROCESS_ALT) int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[64]) { @@ -228,8 +227,6 @@ int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, return 0; } -#endif /* !MBEDTLS_SHA1_PROCESS_ALT */ - /* * SHA-1 process buffer */ From 297b026d0a674d8684d979894dcc5f9018da5052 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:21:43 +0100 Subject: [PATCH 029/124] Remove MBEDTLS_SHA256_PROCESS_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 3 -- include/mbedtls/mbedtls_config.h | 38 ---------------------- tf-psa-crypto/drivers/builtin/src/sha256.c | 9 ++--- 3 files changed, 2 insertions(+), 48 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 26732293ee..090d0b4417 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -750,9 +750,6 @@ #if !defined(MBEDTLS_SHA256_C) #error "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_* defined without MBEDTLS_SHA256_C" #endif -#if defined(MBEDTLS_SHA256_PROCESS_ALT) -#error "MBEDTLS_SHA256_PROCESS_ALT can't be used with MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_*" -#endif #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e43c12d7e5..add765d407 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,44 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -/** - * \def MBEDTLS_SHA256_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from Mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note If you use the AES_xxx_ALT macros, then it is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - * \warning If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are - * enabled, then the deterministic ECDH signature functions pass the - * the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore - * alternative implementations should use the RNG only for generating - * the ephemeral key and nothing else. If this is not possible, then - * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative - * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). - * - */ -//#define MBEDTLS_SHA256_PROCESS_ALT //#define MBEDTLS_SHA512_PROCESS_ALT //#define MBEDTLS_DES_SETKEY_ALT //#define MBEDTLS_DES_CRYPT_ECB_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index ec1e9692e2..1bfb701bcf 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -291,7 +291,6 @@ int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224) return 0; } -#if !defined(MBEDTLS_SHA256_PROCESS_ALT) static const uint32_t K[] = { 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, @@ -312,8 +311,6 @@ static const uint32_t K[] = 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, }; -#endif - #if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) @@ -449,8 +446,7 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, #endif -#if !defined(MBEDTLS_SHA256_PROCESS_ALT) && \ - !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) +#if !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) #define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) #define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) @@ -570,8 +566,7 @@ int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, return 0; } -#endif /* !MBEDTLS_SHA256_PROCESS_ALT && !MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */ - +#endif /* !MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */ #if !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) From 3ab1b2d00b071fc2122289ed0304a916acb161d2 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:34:31 +0100 Subject: [PATCH 030/124] Remove MBEDTLS_SHA512_PROCESS_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 3 --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/sha512.c | 7 ++----- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 090d0b4417..284b7c650b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -730,9 +730,6 @@ #if !defined(MBEDTLS_SHA512_C) #error "MBEDTLS_SHA512_USE_A64_CRYPTO_* defined without MBEDTLS_SHA512_C" #endif -#if defined(MBEDTLS_SHA512_PROCESS_ALT) -#error "MBEDTLS_SHA512_PROCESS_ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" -#endif #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index add765d407..473d09b171 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_SHA512_PROCESS_ALT //#define MBEDTLS_DES_SETKEY_ALT //#define MBEDTLS_DES_CRYPT_ECB_ALT //#define MBEDTLS_DES3_CRYPT_ECB_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index e7575ea776..52b4f62a9d 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -289,8 +289,6 @@ int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384) return 0; } -#if !defined(MBEDTLS_SHA512_PROCESS_ALT) - /* * Round constants */ @@ -337,7 +335,6 @@ static const uint64_t K[80] = UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -#endif #if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) @@ -587,7 +584,7 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, #endif -#if !defined(MBEDTLS_SHA512_PROCESS_ALT) && !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) +#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) #if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) /* @@ -688,7 +685,7 @@ int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, return 0; } -#endif /* !MBEDTLS_SHA512_PROCESS_ALT && !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ +#endif /* !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) From 43874e0a848eb5a054c60fb3776e16cc5df7e461 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:45:52 +0100 Subject: [PATCH 031/124] Remove MBEDTLS_DES_SETKEY_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - .../drivers/builtin/include/mbedtls/des.h | 15 --------------- tf-psa-crypto/drivers/builtin/src/des.c | 7 ++++--- 3 files changed, 4 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 473d09b171..df6bf55ef5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_DES_SETKEY_ALT //#define MBEDTLS_DES_CRYPT_ECB_ALT //#define MBEDTLS_DES3_CRYPT_ECB_ALT //#define MBEDTLS_AES_SETKEY_ENC_ALT diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h index c2d910cbfa..dbe12edc9e 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h @@ -344,21 +344,6 @@ int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ -/** - * \brief Internal function for key expansion. - * (Only exposed to allow overriding it, - * see MBEDTLS_DES_SETKEY_ALT) - * - * \param SK Round keys - * \param key Base key - * - * \warning DES/3DES are considered weak ciphers and their use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. - */ -void mbedtls_des_setkey(uint32_t SK[32], - const unsigned char key[MBEDTLS_DES_KEY_SIZE]); - #if defined(MBEDTLS_SELF_TEST) /** diff --git a/tf-psa-crypto/drivers/builtin/src/des.c b/tf-psa-crypto/drivers/builtin/src/des.c index 5410bd39be..7fd71002a4 100644 --- a/tf-psa-crypto/drivers/builtin/src/des.c +++ b/tf-psa-crypto/drivers/builtin/src/des.c @@ -389,8 +389,10 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) return 0; } -#if !defined(MBEDTLS_DES_SETKEY_ALT) -void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) +/* + * Internal function for key expansion. + */ +static void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; uint32_t X, Y, T; @@ -454,7 +456,6 @@ void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); } } -#endif /* !MBEDTLS_DES_SETKEY_ALT */ /* * DES key schedule (56-bit, encryption) From 29561ec65801f9235e158ce70fdcef65d2543ffd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:50:21 +0100 Subject: [PATCH 032/124] Remove MBEDTLS_DES_CRYPT_ECB_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/des.c | 2 -- 2 files changed, 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index df6bf55ef5..1bb0b1735d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_DES_CRYPT_ECB_ALT //#define MBEDTLS_DES3_CRYPT_ECB_ALT //#define MBEDTLS_AES_SETKEY_ENC_ALT //#define MBEDTLS_AES_SETKEY_DEC_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/des.c b/tf-psa-crypto/drivers/builtin/src/des.c index 7fd71002a4..b281757c51 100644 --- a/tf-psa-crypto/drivers/builtin/src/des.c +++ b/tf-psa-crypto/drivers/builtin/src/des.c @@ -589,7 +589,6 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, /* * DES-ECB block encryption/decryption */ -#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, const unsigned char input[8], unsigned char output[8]) @@ -616,7 +615,6 @@ int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, return 0; } -#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ #if defined(MBEDTLS_CIPHER_MODE_CBC) /* From 2bcf80528412662f86033a9803a4cbc754c1d6d9 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 16 Jul 2024 17:51:53 +0100 Subject: [PATCH 033/124] Remove MBEDTLS_DES3_CRYPT_ECB_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/des.c | 2 -- 2 files changed, 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1bb0b1735d..e86334c658 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_DES3_CRYPT_ECB_ALT //#define MBEDTLS_AES_SETKEY_ENC_ALT //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/des.c b/tf-psa-crypto/drivers/builtin/src/des.c index b281757c51..73afb0454f 100644 --- a/tf-psa-crypto/drivers/builtin/src/des.c +++ b/tf-psa-crypto/drivers/builtin/src/des.c @@ -675,7 +675,6 @@ exit: /* * 3DES-ECB block encryption/decryption */ -#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, const unsigned char input[8], unsigned char output[8]) @@ -712,7 +711,6 @@ int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, return 0; } -#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ #if defined(MBEDTLS_CIPHER_MODE_CBC) /* From 742a2e361932056193742583b790bb97d33b5e94 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 10:54:33 +0100 Subject: [PATCH 034/124] Remove MBEDTLS_AES_SETKEY_ENC_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/include/test/psa_crypto_helpers.h | 3 +- .../components-configuration-crypto.sh | 4 +-- tf-psa-crypto/drivers/builtin/src/aes.c | 28 ++----------------- 4 files changed, 5 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e86334c658..b8e6065f36 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_AES_SETKEY_ENC_ALT //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index ea6e8c52dc..2ac749ec45 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -251,8 +251,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param key_type Key type * \param key_bits Key length in number of bits. */ -#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_TEST_HAVE_ALT_AES 1 #else #define MBEDTLS_TEST_HAVE_ALT_AES 0 diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 049e817869..98e6bf1700 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2242,7 +2242,7 @@ component_build_aes_variations () { msg "build: aes.o for all combinations of relevant config options" build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" @@ -2259,7 +2259,7 @@ component_build_aes_variations () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 67fa2d5841..40a1c244ba 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -541,7 +541,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf) /* * AES key schedule (encryption) */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -647,7 +646,6 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, return 0; #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ /* * AES key schedule (decryption) @@ -1858,12 +1856,6 @@ int mbedtls_aes_self_test(int verbose) aes_tests = aes_test_ecb_enc[u]; } - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e when - * MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT - * are defined. - */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); continue; @@ -1923,12 +1915,6 @@ int mbedtls_aes_self_test(int verbose) aes_tests = aes_test_cbc_enc[u]; } - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e when - * MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT - * are defined. - */ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); continue; @@ -1991,12 +1977,7 @@ int mbedtls_aes_self_test(int verbose) offset = 0; ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e when - * MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT - * are defined. - */ + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); continue; @@ -2056,12 +2037,7 @@ int mbedtls_aes_self_test(int verbose) offset = 0; ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); - /* - * AES-192 is an optional feature that may be unavailable when - * there is an alternative underlying implementation i.e when - * MBEDTLS_AES_SETKEY_ENC_ALT or MBEDTLS_AES_SETKEY_DEC_ALT - * are defined. - */ + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { mbedtls_printf("skipped\n"); continue; From 955ce581427887ed9396cdf6ce5b3f3665eadd23 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 11:05:42 +0100 Subject: [PATCH 035/124] Remove MBEDTLS_AES_SETKEY_DEC_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/scripts/components-configuration-crypto.sh | 4 ++-- tf-psa-crypto/drivers/builtin/src/aes.c | 9 ++++----- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b8e6065f36..1642d8dc69 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 98e6bf1700..f4db664fb8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2243,7 +2243,7 @@ component_build_aes_variations () { build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_DECRYPT_ALT" \ - "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" @@ -2260,7 +2260,7 @@ component_build_aes_variations () { scripts/config.py unset MBEDTLS_NIST_KW_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_DECRYPT_ALT" \ - "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 40a1c244ba..f7d6a617a5 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -44,9 +44,8 @@ * This is a convenience shorthand macro to check if we need reverse S-box and * reverse tables. It's private and only defined in this file. */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY))) && \ - !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) \ + && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -650,7 +649,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -719,7 +718,7 @@ exit: return ret; } -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys(const unsigned char *key, From 6cf05f9322e79ef1c44021cf871bfabc20eba87e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 11:30:22 +0100 Subject: [PATCH 036/124] Remove MBEDTLS_AES_ENCRYPT_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - tests/scripts/components-configuration-crypto.sh | 4 ++-- .../drivers/builtin/include/mbedtls/aes.h | 16 ---------------- tf-psa-crypto/drivers/builtin/src/aes.c | 11 ++++++----- 4 files changed, 8 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1642d8dc69..530bc4fe16 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT //#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index f4db664fb8..2f4b55b8f4 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2243,7 +2243,7 @@ component_build_aes_variations () { build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_DECRYPT_ALT" \ - "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" @@ -2260,7 +2260,7 @@ component_build_aes_variations () { scripts/config.py unset MBEDTLS_NIST_KW_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_DECRYPT_ALT" \ - "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h index 559e1d84e2..09ce873278 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h @@ -566,22 +566,6 @@ int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -/** - * \brief Internal AES block encryption function. This is only - * exposed to allow overriding it using - * \c MBEDTLS_AES_ENCRYPT_ALT. - * - * \param ctx The AES context to use for encryption. - * \param input The plaintext block. - * \param output The output (ciphertext) block. - * - * \return \c 0 on success. - */ -MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); - #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal AES block decryption function. This is only diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index f7d6a617a5..4b7a1e9344 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -842,13 +842,14 @@ int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, AES_RT3(MBEDTLS_BYTE_3(Y0)); \ } while (0) +#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * AES-ECB block encryption */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) -int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) +MBEDTLS_CHECK_RETURN_TYPICAL +static int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->buf + ctx->rk_offset; @@ -902,7 +903,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ /* * AES-ECB block decryption From 7c0b4adfa2589dafb9c0286fe4edd7dbd7eded45 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 11:58:50 +0100 Subject: [PATCH 037/124] Remove MBEDTLS_AES_DECRYPT_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 1 - .../scripts/components-configuration-crypto.sh | 2 -- .../drivers/builtin/include/mbedtls/aes.h | 18 ------------------ tf-psa-crypto/drivers/builtin/src/aes.c | 16 ++++++++-------- 4 files changed, 8 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 530bc4fe16..dd390ff221 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT //#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT //#define MBEDTLS_ECDSA_VERIFY_ALT diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 2f4b55b8f4..f4744a8f1f 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2242,7 +2242,6 @@ component_build_aes_variations () { msg "build: aes.o for all combinations of relevant config options" build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" @@ -2259,7 +2258,6 @@ component_build_aes_variations () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ - "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h index 09ce873278..aa4d99c22a 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h @@ -566,24 +566,6 @@ int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) -/** - * \brief Internal AES block decryption function. This is only - * exposed to allow overriding it using see - * \c MBEDTLS_AES_DECRYPT_ALT. - * - * \param ctx The AES context to use for decryption. - * \param input The ciphertext block. - * \param output The output (plaintext) block. - * - * \return \c 0 on success. - */ -MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]); -#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ - #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine. diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 4b7a1e9344..651282b0d9 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -44,8 +44,7 @@ * This is a convenience shorthand macro to check if we need reverse S-box and * reverse tables. It's private and only defined in this file. */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) \ - && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -903,15 +902,15 @@ static int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /* * AES-ECB block decryption */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) -int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16]) +MBEDTLS_CHECK_RETURN_TYPICAL +static int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->buf + ctx->rk_offset; @@ -965,7 +964,8 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ +#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ /* * Our intrinsics-based implementation of AESNI requires the round keys to be From 51b90fb6b1d82f6ce23442e53ac72dfe55e89695 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 12:07:16 +0100 Subject: [PATCH 038/124] Remove MBEDTLS_ECDH_GEN_PUBLIC_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 1 - include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/ecdh.c | 2 -- 3 files changed, 4 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 284b7c650b..0c9f5e9634 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -186,7 +186,6 @@ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ - defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) || \ defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) ) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index dd390ff221..3349d4e555 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT //#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT //#define MBEDTLS_ECDSA_VERIFY_ALT //#define MBEDTLS_ECDSA_SIGN_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/ecdh.c b/tf-psa-crypto/drivers/builtin/src/ecdh.c index b276c6adad..1a327a0e9e 100644 --- a/tf-psa-crypto/drivers/builtin/src/ecdh.c +++ b/tf-psa-crypto/drivers/builtin/src/ecdh.c @@ -43,7 +43,6 @@ int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid) return 1; } -#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key (restartable version) * @@ -84,7 +83,6 @@ int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_ { return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL); } -#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ #if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /* From ce5ed8555c69bf252ecc6eb26de036be6688cc7c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 12:13:09 +0100 Subject: [PATCH 039/124] Remove MBEDTLS_ECDH_COMPUTE_SHARED_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 3 +-- include/mbedtls/mbedtls_config.h | 1 - tf-psa-crypto/drivers/builtin/src/ecdh.c | 2 -- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 0c9f5e9634..a26076102c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -185,8 +185,7 @@ #endif #if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \ - defined(MBEDTLS_ECDSA_SIGN_ALT) || \ + ( defined(MBEDTLS_ECDSA_SIGN_ALT) || \ defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) ) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3349d4e555..a675f317fa 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT //#define MBEDTLS_ECDSA_VERIFY_ALT //#define MBEDTLS_ECDSA_SIGN_ALT //#define MBEDTLS_ECDSA_GENKEY_ALT diff --git a/tf-psa-crypto/drivers/builtin/src/ecdh.c b/tf-psa-crypto/drivers/builtin/src/ecdh.c index 1a327a0e9e..28fe757eab 100644 --- a/tf-psa-crypto/drivers/builtin/src/ecdh.c +++ b/tf-psa-crypto/drivers/builtin/src/ecdh.c @@ -84,7 +84,6 @@ int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_ return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL); } -#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /* * Compute shared secret (SEC1 3.3.1) */ @@ -127,7 +126,6 @@ int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, return ecdh_compute_shared_restartable(grp, z, Q, d, f_rng, p_rng, NULL); } -#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) { From e3013da240d7dbea86c765af236b34a803894586 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 12:26:26 +0100 Subject: [PATCH 040/124] Remove MBEDTLS_ECDSA_VERIFY_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 1 - include/mbedtls/mbedtls_config.h | 1 - .../drivers/builtin/include/mbedtls/ecdsa.h | 3 --- tf-psa-crypto/drivers/builtin/src/ecdsa.c | 15 ++------------- 4 files changed, 2 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index a26076102c..f8197e44e2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -186,7 +186,6 @@ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ ( defined(MBEDTLS_ECDSA_SIGN_ALT) || \ - defined(MBEDTLS_ECDSA_VERIFY_ALT) || \ defined(MBEDTLS_ECDSA_GENKEY_ALT) ) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a675f317fa..dd047e98d6 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_ECDSA_VERIFY_ALT //#define MBEDTLS_ECDSA_SIGN_ALT //#define MBEDTLS_ECDSA_GENKEY_ALT diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h index 2ecf349115..557f02b462 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h @@ -375,7 +375,6 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); -#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /** * \brief This function verifies the ECDSA signature of a * previously-hashed message, in a restartable manner @@ -418,8 +417,6 @@ int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, const mbedtls_mpi *s, mbedtls_ecdsa_restart_ctx *rs_ctx); -#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ - /** * \brief This function computes the ECDSA signature and writes it * to a buffer, serialized as defined in RFC-4492: diff --git a/tf-psa-crypto/drivers/builtin/src/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c index 2f7a996a7e..da4c9e8dad 100644 --- a/tf-psa-crypto/drivers/builtin/src/ecdsa.c +++ b/tf-psa-crypto/drivers/builtin/src/ecdsa.c @@ -194,8 +194,7 @@ static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) #endif /* MBEDTLS_ECP_RESTARTABLE */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \ - !defined(MBEDTLS_ECDSA_SIGN_ALT) || \ - !defined(MBEDTLS_ECDSA_VERIFY_ALT) + !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -220,7 +219,7 @@ static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x, cleanup: return ret; } -#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */ +#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT */ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) { @@ -480,7 +479,6 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) @@ -601,7 +599,6 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, { return mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL); } -#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 @@ -741,19 +738,11 @@ int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } -#if defined(MBEDTLS_ECDSA_VERIFY_ALT) - (void) rs_ctx; - if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen, - &ctx->Q, &r, &s)) != 0) { - goto cleanup; - } -#else if ((ret = mbedtls_ecdsa_verify_restartable(&ctx->grp, hash, hlen, &ctx->Q, &r, &s, rs_ctx)) != 0) { goto cleanup; } -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* At this point we know that the buffer starts with a valid signature. * Return 0 if the buffer just contains the signature, and a specific From 4864424fea8df6d16fd02addd9c623f01341a424 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 12:36:49 +0100 Subject: [PATCH 041/124] Remove MBEDTLS_ECDSA_SIGN_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 4 +--- include/mbedtls/mbedtls_config.h | 1 - .../drivers/builtin/include/mbedtls/ecdsa.h | 3 --- tf-psa-crypto/drivers/builtin/src/ecdsa.c | 19 ------------------- 4 files changed, 1 insertion(+), 26 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index f8197e44e2..561432e26d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -184,9 +184,7 @@ #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_RESTARTABLE) && \ - ( defined(MBEDTLS_ECDSA_SIGN_ALT) || \ - defined(MBEDTLS_ECDSA_GENKEY_ALT) ) +#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(MBEDTLS_ECDSA_GENKEY_ALT) #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index dd047e98d6..b2441113bc 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,7 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_ECDSA_SIGN_ALT //#define MBEDTLS_ECDSA_GENKEY_ALT /** diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h index 557f02b462..fcb46e2a43 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h @@ -211,7 +211,6 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, void *p_rng_blind); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /** * \brief This function computes the ECDSA signature of a * previously-hashed message, in a restartable way. @@ -277,8 +276,6 @@ int mbedtls_ecdsa_sign_restartable( void *p_rng_blind, mbedtls_ecdsa_restart_ctx *rs_ctx); -#endif /* !MBEDTLS_ECDSA_SIGN_ALT */ - #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /** diff --git a/tf-psa-crypto/drivers/builtin/src/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c index da4c9e8dad..f4e14a3f1a 100644 --- a/tf-psa-crypto/drivers/builtin/src/ecdsa.c +++ b/tf-psa-crypto/drivers/builtin/src/ecdsa.c @@ -193,8 +193,6 @@ static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) #endif /* MBEDTLS_ECP_RESTARTABLE */ -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \ - !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -219,7 +217,6 @@ static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x, cleanup: return ret; } -#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT */ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) { @@ -234,7 +231,6 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) } } -#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -384,7 +380,6 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, return mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen, f_rng, p_rng, f_rng, p_rng, NULL); } -#endif /* !MBEDTLS_ECDSA_SIGN_ALT */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* @@ -443,16 +438,9 @@ int mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, sign: #endif -#if defined(MBEDTLS_ECDSA_SIGN_ALT) - (void) f_rng_blind; - (void) p_rng_blind; - ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng); -#else ret = mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng, f_rng_blind, p_rng_blind, rs_ctx); -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: mbedtls_hmac_drbg_free(&rng_ctx); @@ -657,17 +645,10 @@ int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, #else (void) md_alg; -#if defined(MBEDTLS_ECDSA_SIGN_ALT) - (void) rs_ctx; - - MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng)); -#else /* Use the same RNG for both blinding and ephemeral key generation */ MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d, hash, hlen, f_rng, p_rng, f_rng, p_rng, rs_ctx)); -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, sig_size, slen)); From 28647d86696ea85ff8c131e7175e1556f0fc8ad3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 18 Jul 2024 12:51:10 +0100 Subject: [PATCH 042/124] Remove MBEDTLS_ECDSA_GENKEY_ALT Signed-off-by: Thomas Daubney --- include/mbedtls/check_config.h | 4 ---- include/mbedtls/mbedtls_config.h | 2 -- tf-psa-crypto/drivers/builtin/src/ecdsa.c | 2 -- 3 files changed, 8 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 561432e26d..c664c354b1 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -184,10 +184,6 @@ #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(MBEDTLS_ECDSA_GENKEY_ALT) -#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation" -#endif - #if defined(MBEDTLS_ECP_RESTARTABLE) && \ !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECP_RESTARTABLE defined, but not all prerequisites" diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b2441113bc..3881dbb114 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -350,8 +350,6 @@ */ //#define MBEDTLS_TIMING_ALT -//#define MBEDTLS_ECDSA_GENKEY_ALT - /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * diff --git a/tf-psa-crypto/drivers/builtin/src/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c index f4e14a3f1a..57d52fee2d 100644 --- a/tf-psa-crypto/drivers/builtin/src/ecdsa.c +++ b/tf-psa-crypto/drivers/builtin/src/ecdsa.c @@ -739,7 +739,6 @@ cleanup: return ret; } -#if !defined(MBEDTLS_ECDSA_GENKEY_ALT) /* * Generate key pair */ @@ -755,7 +754,6 @@ int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng); } -#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */ /* * Set context from an mbedtls_ecp_keypair From ebcd49b961b344ea1ce8828e368daeb653378ad4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 23 Jul 2024 12:08:31 +0100 Subject: [PATCH 043/124] Remove outdated documentation Signed-off-by: Thomas Daubney --- .../alternative-implementations.md | 91 ------------------- 1 file changed, 91 deletions(-) delete mode 100644 docs/architecture/alternative-implementations.md diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md deleted file mode 100644 index 549d47c956..0000000000 --- a/docs/architecture/alternative-implementations.md +++ /dev/null @@ -1,91 +0,0 @@ -Alternative implementations of Mbed TLS functionality -===================================================== - -This document describes how parts of the Mbed TLS functionality can be replaced at compile time to integrate the library on a platform. - -This document is an overview. It is not exhaustive. Please consult the documentation of individual modules and read the library header files for more details. - -## Platform integration - -Mbed TLS works out of the box on Unix/Linux/POSIX-like systems and on Windows. On embedded platforms, you may need to customize some aspects of how Mbed TLS interacts with the underlying platform. This section discusses the main areas that can be configured. - -The platform module (`include/mbedtls/platform.h`) controls how Mbed TLS accesses standard library features such as memory management (`calloc`, `free`), `printf`, `exit`. You can define custom functions instead of the ones from the C standard library through `MBEDTLS_PLATFORM_XXX` options in the configuration file. Many options have two mechanisms: either define `MBEDTLS_PLATFORM_XXX_MACRO` to the name of a function to call instead of the standard function `xxx`, or define `MBEDTLS_PLATFORM_XXX_ALT` and [register an alternative implementation during the platform setup](#alternative-implementations-of-platform-functions). - -The storage of the non-volatile seed for random generation, enabled with `MBEDTLS_ENTROPY_NV_SEED`, is also controlled via the platform module. - -For timing functions, you can [declare an alternative implementation of the timing module](#module-alternative-implementations). - -On multithreaded platforms, [declare an alternative implementation of the threading module](#module-alternative-implementations). - -To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTROPY_XXX` options in the configuration file. - -For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS. - -If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or declare an [alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [of specific functions](#function-alternative-implementations). PSA drivers will ultimately replace the alternative implementation mechanism, but alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x. The interface of PSA drivers is currently still experimental and subject to change. - -## PSA cryptography drivers - -On platforms where a hardware cryptographic engine is present, you can implement a driver for this engine in the PSA interface. Drivers are supported for cryptographic operations with transparent keys (keys available in cleartext), for cryptographic operations with opaque keys (keys that are only available inside the cryptographic engine), and for random generation. Calls to `psa_xxx` functions that perform cryptographic operations are directed to drivers instead of the built-in code as applicable. See the [PSA cryptography driver interface specification](docs/proposed/psa-driver-interface.md), the [Mbed TLS PSA driver developer guide](docs/proposed/psa-driver-developer-guide.md) and the [Mbed TLS PSA driver integration guide](docs/proposed/psa-driver-integration-guide.md) for more information. - -As of Mbed TLS 3.0, this interface is still experimental and subject to change, and not all operations support drivers yet. The configuration option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the `mbedtls_xxx` API to use PSA crypto and therefore to support drivers, however it is not yet compatible with all drivers. - -## Module alternative implementations - -You can replace the code of some modules of Mbed TLS at compile time by a custom implementation. This is possible for low-level cryptography modules (symmetric algorithms, DHM, RSA, ECP, ECJPAKE) and for some platform-related modules (threading, timing). Such custom implementations are called “alternative implementations”, or “ALT implementations” for short. - -The general principle of an alternative implementation is: -* Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For example, `MBEDTLS_AES_ALT` for an implementation of the AES module. This is in addition to enabling `MBEDTLS_XXX_C`. -* Create a header file `xxx_alt.h` that defines the context type(s) used by the module. For example, `mbedtls_aes_context` for AES. -* Implement all the functions from the module, i.e. the functions declared in `include/mbedtls/xxx.h`. - -See https://mbed-tls.readthedocs.io/en/latest/kb/development/hw_acc_guidelines for a more detailed guide. - -### Constraints on context types - -Generally, alternative implementations can define their context types to any C type except incomplete and array types (although they would normally be `struct` types). This section lists some known limitations where the context type needs to be a structure with certain fields. - -Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`. - -* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. -* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`. -* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. - * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. - -It must be possible to move a context object in memory (except during the execution of a library function that takes this context as an argument). (This is necessary, for example, to support applications that populate a context on the stack of an inner function and then copy the context upwards through the call chain, or applications written in a language with automatic memory management that can move objects on the heap.) That is, call sequences like the following must work: -``` -mbedtls_xxx_context ctx1, ctx2; -mbedtls_xxx_init(&ctx1); -mbedtls_xxx_setup(&ctx1, …); -ctx2 = ctx1; -memset(&ctx1, 0, sizeof(ctx1)); -mbedtls_xxx_do_stuff(&ctx2, …); -mbedtls_xxx_free(&ctx2); -``` -In practice, this means that a pointer to a context or to a part of a context does not remain valid across function calls. Alternative implementations do not need to support copying of contexts: contexts can only be cloned through explicit `clone()` functions. - -## Function alternative implementations - -In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). - -### Alternative implementations of cryptographic functions - -Options to replace individual functions of cryptographic modules generally have a name obtained by upper-casing the function name and appending `_ALT`. If the function name contains `_internal`, `_ext` or `_ret`, this is removed in the `_ALT` symbol. When the corresponding option is enabled, the built-in implementation of the function will not be compiled, and you must provide an alternative implementation at link time. - -For example, enable `MBEDTLS_AES_ENCRYPT_ALT` at compile time and provide your own implementation of `mbedtls_aes_encrypt()` to provide an accelerated implementation of AES encryption that is compatible with the built-in key schedule. If you wish to implement key schedule differently, you can also enable `MBEDTLS_AES_SETKEY_ENC_ALT` and implement `mbedtls_aes_setkey_enc()`. - -Another example: enable `MBEDTLS_SHA256_PROCESS_ALT` and implement `mbedtls_internal_sha256_process()` to provide an accelerated implementation of SHA-256 and SHA-224. - -Note that since alternative implementations of individual functions cooperate with the built-in implementation of other functions, you must use the same layout for context objects as the built-in implementation. If you want to use different context types, you need to [provide an alternative implementation of the whole module](#module-alternative-implementations). - -### Alternative implementations of platform functions - -Several platform functions can be reconfigured dynamically by following the process described here. To reconfigure how Mbed TLS calls the standard library function `xxx()`: - -* Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time. -* During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`. - -For example, to provide a custom `printf` function at run time, enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and assign to `mbedtls_printf` during the initialization of your application. - -Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`. - -Note that there are variations on the naming pattern. For example, some configurable functions are activated in pairs, such as `mbedtls_calloc` and `mbedtls_free` via `MBEDTLS_PLATFORM_MEMORY`. Consult the documentation of individual configuration options and of the platform module for details. From 5db9027d3feb309ae9d9d02ed9bc363351e32c1f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 24 Jul 2024 18:03:03 +0100 Subject: [PATCH 044/124] Add ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-crypto-alt-interface.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/remove-crypto-alt-interface.txt diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt new file mode 100644 index 0000000000..b551e17d1e --- /dev/null +++ b/ChangeLog.d/remove-crypto-alt-interface.txt @@ -0,0 +1,5 @@ +Removals + * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options + at the module and function level for crypto mechanisms only. The remaining + alt interfaces for platform, threading and timing are unchanged. + Fixes #8149. \ No newline at end of file From 2dd830d3c236e24f0f9446d566085bedda98d838 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 24 Jul 2024 18:04:21 +0100 Subject: [PATCH 045/124] Remove superflous comment Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/des.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/des.c b/tf-psa-crypto/drivers/builtin/src/des.c index 73afb0454f..4bb354af77 100644 --- a/tf-psa-crypto/drivers/builtin/src/des.c +++ b/tf-psa-crypto/drivers/builtin/src/des.c @@ -389,9 +389,6 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) return 0; } -/* - * Internal function for key expansion. - */ static void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; From b59c0ba81bb80f7f127d72241a9be238b3293a7f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 24 Jul 2024 18:10:24 +0100 Subject: [PATCH 046/124] Alter guarding in aes.c Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 651282b0d9..40370c29fc 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -44,7 +44,7 @@ * This is a convenience shorthand macro to check if we need reverse S-box and * reverse tables. It's private and only defined in this file. */ -#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif From c65eefa9abd6aa41a2f8f1a6d5c11b48a027762f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 25 Jul 2024 10:20:41 +0100 Subject: [PATCH 047/124] Remove superfluous guard Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/aes.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 40370c29fc..0f96db0b32 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -841,7 +841,6 @@ int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, AES_RT3(MBEDTLS_BYTE_3(Y0)); \ } while (0) -#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * AES-ECB block encryption */ @@ -965,7 +964,6 @@ static int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ -#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ /* * Our intrinsics-based implementation of AESNI requires the round keys to be From 2f1bebd5518139e1d4e80ff6334528503e1c821c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 25 Jul 2024 10:21:28 +0100 Subject: [PATCH 048/124] Add newline to ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-crypto-alt-interface.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-crypto-alt-interface.txt b/ChangeLog.d/remove-crypto-alt-interface.txt index b551e17d1e..f9ab4c221c 100644 --- a/ChangeLog.d/remove-crypto-alt-interface.txt +++ b/ChangeLog.d/remove-crypto-alt-interface.txt @@ -2,4 +2,4 @@ Removals * Drop support for crypto alt interface. Removes MBEDTLS_XXX_ALT options at the module and function level for crypto mechanisms only. The remaining alt interfaces for platform, threading and timing are unchanged. - Fixes #8149. \ No newline at end of file + Fixes #8149. From 3e0273f41a0994fb1bb444622cebd1f9268205b9 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 25 Jul 2024 10:39:47 +0100 Subject: [PATCH 049/124] Internalise functions flagged as internal Signed-off-by: Thomas Daubney --- .../drivers/builtin/include/mbedtls/md5.h | 16 ---------------- .../builtin/include/mbedtls/ripemd160.h | 11 ----------- .../drivers/builtin/include/mbedtls/sha1.h | 18 ------------------ .../drivers/builtin/include/mbedtls/sha256.h | 15 --------------- .../drivers/builtin/include/mbedtls/sha512.h | 15 --------------- tf-psa-crypto/drivers/builtin/src/md5.c | 2 +- tf-psa-crypto/drivers/builtin/src/ripemd160.c | 2 +- tf-psa-crypto/drivers/builtin/src/sha1.c | 2 +- tf-psa-crypto/drivers/builtin/src/sha256.c | 2 +- tf-psa-crypto/drivers/builtin/src/sha512.c | 2 +- 10 files changed, 5 insertions(+), 80 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h index 826cca7a55..ee39bc8251 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h @@ -125,22 +125,6 @@ int mbedtls_md5_update(mbedtls_md5_context *ctx, int mbedtls_md5_finish(mbedtls_md5_context *ctx, unsigned char output[16]); -/** - * \brief MD5 process data block (internal use only) - * - * \param ctx MD5 context - * \param data buffer holding one block of data - * - * \return 0 if successful - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, - const unsigned char data[64]); - /** * \brief Output = MD5( input buffer ) * diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h index 570ab2e441..42f29730d3 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h @@ -86,17 +86,6 @@ int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx, int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx, unsigned char output[20]); -/** - * \brief RIPEMD-160 process data block (internal use only) - * - * \param ctx RIPEMD-160 context - * \param data buffer holding one block of data - * - * \return 0 if successful - */ -int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, - const unsigned char data[64]); - /** * \brief Output = RIPEMD-160( input buffer ) * diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h index 4b31c02504..dd47d34bce 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h @@ -142,24 +142,6 @@ int mbedtls_sha1_update(mbedtls_sha1_context *ctx, int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, unsigned char output[20]); -/** - * \brief SHA-1 process data block (internal use only). - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to use. This must be initialized. - * \param data The data block being processed. This must be a - * readable buffer of length \c 64 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - * - */ -int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, - const unsigned char data[64]); - /** * \brief This function calculates the SHA-1 checksum of a buffer. * diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h index 0253f7dc5d..05040ded86 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h @@ -119,21 +119,6 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output); -/** - * \brief This function processes a single data block within - * the ongoing SHA-256 computation. This function is for - * internal use only. - * - * \param ctx The SHA-256 context. This must be initialized. - * \param data The buffer holding one block of data. This must - * be a readable buffer of length \c 64 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, - const unsigned char data[64]); - /** * \brief This function calculates the SHA-224 or SHA-256 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h index 002fe9d935..9d0191870d 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h @@ -120,21 +120,6 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output); -/** - * \brief This function processes a single data block within - * the ongoing SHA-512 computation. - * This function is for internal use only. - * - * \param ctx The SHA-512 context. This must be initialized. - * \param data The buffer holding one block of data. This - * must be a readable buffer of length \c 128 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, - const unsigned char data[128]); - /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/src/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c index 98b8ee4e9c..519be43f79 100644 --- a/tf-psa-crypto/drivers/builtin/src/md5.c +++ b/tf-psa-crypto/drivers/builtin/src/md5.c @@ -58,7 +58,7 @@ int mbedtls_md5_starts(mbedtls_md5_context *ctx) return 0; } -int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, +static int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, const unsigned char data[64]) { struct { diff --git a/tf-psa-crypto/drivers/builtin/src/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c index 835df9528a..e1275fbd95 100644 --- a/tf-psa-crypto/drivers/builtin/src/ripemd160.c +++ b/tf-psa-crypto/drivers/builtin/src/ripemd160.c @@ -62,7 +62,7 @@ int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx) /* * Process one block */ -int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, +static int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, const unsigned char data[64]) { struct { diff --git a/tf-psa-crypto/drivers/builtin/src/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c index b13381d30a..6c252f6218 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha1.c +++ b/tf-psa-crypto/drivers/builtin/src/sha1.c @@ -59,7 +59,7 @@ int mbedtls_sha1_starts(mbedtls_sha1_context *ctx) return 0; } -int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, +static int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, const unsigned char data[64]) { struct { diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 1bfb701bcf..6566d5fdca 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -617,7 +617,7 @@ static size_t mbedtls_internal_sha256_process_many(mbedtls_sha256_context *ctx, } } -int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, +static int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha256_has_support()) { diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index 52b4f62a9d..25ac70bdf6 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -737,7 +737,7 @@ static size_t mbedtls_internal_sha512_process_many(mbedtls_sha512_context *ctx, } } -int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, +static int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha512_has_support()) { From ae5f8cc2537ec7330be7eea4b01448f7b4b7ee37 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 26 Jul 2024 08:20:04 +0100 Subject: [PATCH 050/124] Restore SHA256 & SHA512 prototypes Signed-off-by: Thomas Daubney --- .../drivers/builtin/include/mbedtls/sha256.h | 14 ++++++++++++++ .../drivers/builtin/include/mbedtls/sha512.h | 15 +++++++++++++++ tf-psa-crypto/drivers/builtin/src/sha256.c | 2 +- tf-psa-crypto/drivers/builtin/src/sha512.c | 2 +- 4 files changed, 31 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h index 05040ded86..307f0ec123 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h @@ -119,6 +119,20 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output); +/** + * \brief This function processes a single data block within + * the ongoing SHA-256 computation. This function is for + * internal use only. + * + * \param ctx The SHA-256 context. This must be initialized. + * \param data The buffer holding one block of data. This must + * be a readable buffer of length \c 64 Bytes. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]); /** * \brief This function calculates the SHA-224 or SHA-256 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h index 9d0191870d..002fe9d935 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h @@ -120,6 +120,21 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output); +/** + * \brief This function processes a single data block within + * the ongoing SHA-512 computation. + * This function is for internal use only. + * + * \param ctx The SHA-512 context. This must be initialized. + * \param data The buffer holding one block of data. This + * must be a readable buffer of length \c 128 Bytes. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]); + /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 6566d5fdca..1bfb701bcf 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -617,7 +617,7 @@ static size_t mbedtls_internal_sha256_process_many(mbedtls_sha256_context *ctx, } } -static int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha256_has_support()) { diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index 25ac70bdf6..52b4f62a9d 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -737,7 +737,7 @@ static size_t mbedtls_internal_sha512_process_many(mbedtls_sha512_context *ctx, } } -static int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha512_has_support()) { From 8ac215e4823dde21c4cee66cafe9d31c8e55ac75 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 26 Jul 2024 14:20:53 +0100 Subject: [PATCH 051/124] Correct code style Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/md5.c | 2 +- tf-psa-crypto/drivers/builtin/src/ripemd160.c | 2 +- tf-psa-crypto/drivers/builtin/src/sha1.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/md5.c b/tf-psa-crypto/drivers/builtin/src/md5.c index 519be43f79..fd9a8e960b 100644 --- a/tf-psa-crypto/drivers/builtin/src/md5.c +++ b/tf-psa-crypto/drivers/builtin/src/md5.c @@ -59,7 +59,7 @@ int mbedtls_md5_starts(mbedtls_md5_context *ctx) } static int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, - const unsigned char data[64]) + const unsigned char data[64]) { struct { uint32_t X[16], A, B, C, D; diff --git a/tf-psa-crypto/drivers/builtin/src/ripemd160.c b/tf-psa-crypto/drivers/builtin/src/ripemd160.c index e1275fbd95..0845fe821f 100644 --- a/tf-psa-crypto/drivers/builtin/src/ripemd160.c +++ b/tf-psa-crypto/drivers/builtin/src/ripemd160.c @@ -63,7 +63,7 @@ int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx) * Process one block */ static int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, - const unsigned char data[64]) + const unsigned char data[64]) { struct { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; diff --git a/tf-psa-crypto/drivers/builtin/src/sha1.c b/tf-psa-crypto/drivers/builtin/src/sha1.c index 6c252f6218..bd1b6301fd 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha1.c +++ b/tf-psa-crypto/drivers/builtin/src/sha1.c @@ -60,7 +60,7 @@ int mbedtls_sha1_starts(mbedtls_sha1_context *ctx) } static int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, - const unsigned char data[64]) + const unsigned char data[64]) { struct { uint32_t temp, W[16], A, B, C, D, E; From d4c886e57ba9e637369c521fdfa3962aab088486 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 Jul 2024 10:17:01 +0100 Subject: [PATCH 052/124] Revert to original guarding for mbedtls_internal_aes_encrypt/decrypt Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/aes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/src/aes.c b/tf-psa-crypto/drivers/builtin/src/aes.c index 0f96db0b32..b9145eaff3 100644 --- a/tf-psa-crypto/drivers/builtin/src/aes.c +++ b/tf-psa-crypto/drivers/builtin/src/aes.c @@ -841,6 +841,7 @@ int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, AES_RT3(MBEDTLS_BYTE_3(Y0)); \ } while (0) +#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * AES-ECB block encryption */ @@ -964,7 +965,7 @@ static int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } #endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ - +#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ /* * Our intrinsics-based implementation of AESNI requires the round keys to be * aligned on a 16-byte boundary. We take care of this before creating them, From bfe1b67ec546b3b36d22c4ba3100ab2e0f20add4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 31 Jul 2024 15:11:00 +0100 Subject: [PATCH 053/124] Make mbedtls_internal_sha256_process static Signed-off-by: Thomas Daubney --- .../drivers/builtin/include/mbedtls/sha256.h | 14 -------------- tf-psa-crypto/drivers/builtin/src/sha256.c | 16 +--------------- 2 files changed, 1 insertion(+), 29 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h index 307f0ec123..05040ded86 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h @@ -119,20 +119,6 @@ int mbedtls_sha256_update(mbedtls_sha256_context *ctx, int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output); -/** - * \brief This function processes a single data block within - * the ongoing SHA-256 computation. This function is for - * internal use only. - * - * \param ctx The SHA-256 context. This must be initialized. - * \param data The buffer holding one block of data. This must - * be a readable buffer of length \c 64 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, - const unsigned char data[64]); /** * \brief This function calculates the SHA-224 or SHA-256 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 1bfb701bcf..339fa84422 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -414,13 +414,6 @@ static size_t mbedtls_internal_sha256_process_many_a64_crypto( return processed; } -#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) -/* - * This function is for internal use only if we are building both C and Armv8-A - * versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process() - */ -static -#endif int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { @@ -474,13 +467,6 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, (d) += local.temp1; (h) = local.temp1 + local.temp2; \ } while (0) -#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT) -/* - * This function is for internal use only if we are building both C and Armv8 - * versions, otherwise it is renamed to be the public mbedtls_internal_sha256_process() - */ -static -#endif int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { @@ -617,7 +603,7 @@ static size_t mbedtls_internal_sha256_process_many(mbedtls_sha256_context *ctx, } } -int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, +static int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha256_has_support()) { From 7070d26fa02ef931e677cc8c8a581bf532b04dd5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 31 Jul 2024 15:29:33 +0100 Subject: [PATCH 054/124] Make mbedtls_internal_sha512_process static Signed-off-by: Thomas Daubney --- .../drivers/builtin/include/mbedtls/sha512.h | 15 --------------- tf-psa-crypto/drivers/builtin/src/sha512.c | 16 +--------------- 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h index 002fe9d935..9d0191870d 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h @@ -120,21 +120,6 @@ int mbedtls_sha512_update(mbedtls_sha512_context *ctx, int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output); -/** - * \brief This function processes a single data block within - * the ongoing SHA-512 computation. - * This function is for internal use only. - * - * \param ctx The SHA-512 context. This must be initialized. - * \param data The buffer holding one block of data. This - * must be a readable buffer of length \c 128 Bytes. - * - * \return \c 0 on success. - * \return A negative error code on failure. - */ -int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, - const unsigned char data[128]); - /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index 52b4f62a9d..a5ed782799 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -551,13 +551,6 @@ static size_t mbedtls_internal_sha512_process_many_a64_crypto( return processed; } -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) -/* - * This function is for internal use only if we are building both C and A64 - * versions, otherwise it is renamed to be the public mbedtls_internal_sha512_process() - */ -static -#endif int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { @@ -586,13 +579,6 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) -#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) -/* - * This function is for internal use only if we are building both C and A64 - * versions, otherwise it is renamed to be the public mbedtls_internal_sha512_process() - */ -static -#endif int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { @@ -737,7 +723,7 @@ static size_t mbedtls_internal_sha512_process_many(mbedtls_sha512_context *ctx, } } -int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, +static int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha512_has_support()) { From 38e64fbce0b24587cbd8b8412bded66e8ed53bb1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 31 Jul 2024 15:32:15 +0100 Subject: [PATCH 055/124] Merge if blocks in SHA256/512 code Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/sha256.c | 4 ---- tf-psa-crypto/drivers/builtin/src/sha512.c | 5 ----- 2 files changed, 9 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 339fa84422..aff626fb5b 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -552,10 +552,6 @@ int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, return 0; } -#endif /* !MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */ - -#if !defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY) - static size_t mbedtls_internal_sha256_process_many_c( mbedtls_sha256_context *ctx, const uint8_t *data, size_t len) { diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index a5ed782799..c1d5e59991 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -671,11 +671,6 @@ int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, return 0; } -#endif /* !MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ - - -#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) - static size_t mbedtls_internal_sha512_process_many_c( mbedtls_sha512_context *ctx, const uint8_t *data, size_t len) { From eb97f2a50fef1ca28266a6e945d2e31aeeca34f4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 1 Aug 2024 12:19:31 +0100 Subject: [PATCH 056/124] Make missed SHA internal functions static Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/sha256.c | 4 ++-- tf-psa-crypto/drivers/builtin/src/sha512.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index aff626fb5b..95bcf69f23 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -414,7 +414,7 @@ static size_t mbedtls_internal_sha256_process_many_a64_crypto( return processed; } -int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, +static int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { return (mbedtls_internal_sha256_process_many_a64_crypto(ctx, data, @@ -467,7 +467,7 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, (d) += local.temp1; (h) = local.temp1 + local.temp2; \ } while (0) -int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, +static int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, const unsigned char data[SHA256_BLOCK_SIZE]) { struct { diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index c1d5e59991..27c7cf2a8a 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -551,7 +551,7 @@ static size_t mbedtls_internal_sha512_process_many_a64_crypto( return processed; } -int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, +static int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { return (mbedtls_internal_sha512_process_many_a64_crypto(ctx, data, @@ -579,7 +579,7 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) -int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, +static int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, const unsigned char data[SHA512_BLOCK_SIZE]) { int i; From 15129195a697178eb22c5ab5deb93e813e96611c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 1 Aug 2024 13:06:01 +0100 Subject: [PATCH 057/124] Fix code stlye Signed-off-by: Thomas Daubney --- tf-psa-crypto/drivers/builtin/src/sha256.c | 6 +++--- tf-psa-crypto/drivers/builtin/src/sha512.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 95bcf69f23..49d98c327b 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -415,7 +415,7 @@ static size_t mbedtls_internal_sha256_process_many_a64_crypto( } static int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, - const unsigned char data[SHA256_BLOCK_SIZE]) + const unsigned char data[SHA256_BLOCK_SIZE]) { return (mbedtls_internal_sha256_process_many_a64_crypto(ctx, data, SHA256_BLOCK_SIZE) == @@ -468,7 +468,7 @@ static int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ct } while (0) static int mbedtls_internal_sha256_process_c(mbedtls_sha256_context *ctx, - const unsigned char data[SHA256_BLOCK_SIZE]) + const unsigned char data[SHA256_BLOCK_SIZE]) { struct { uint32_t temp1, temp2, W[64]; @@ -600,7 +600,7 @@ static size_t mbedtls_internal_sha256_process_many(mbedtls_sha256_context *ctx, } static int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, - const unsigned char data[SHA256_BLOCK_SIZE]) + const unsigned char data[SHA256_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha256_has_support()) { return mbedtls_internal_sha256_process_a64_crypto(ctx, data); diff --git a/tf-psa-crypto/drivers/builtin/src/sha512.c b/tf-psa-crypto/drivers/builtin/src/sha512.c index 27c7cf2a8a..9d8cffbc68 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha512.c +++ b/tf-psa-crypto/drivers/builtin/src/sha512.c @@ -552,7 +552,7 @@ static size_t mbedtls_internal_sha512_process_many_a64_crypto( } static int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, - const unsigned char data[SHA512_BLOCK_SIZE]) + const unsigned char data[SHA512_BLOCK_SIZE]) { return (mbedtls_internal_sha512_process_many_a64_crypto(ctx, data, SHA512_BLOCK_SIZE) == @@ -580,7 +580,7 @@ static int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ct #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) static int mbedtls_internal_sha512_process_c(mbedtls_sha512_context *ctx, - const unsigned char data[SHA512_BLOCK_SIZE]) + const unsigned char data[SHA512_BLOCK_SIZE]) { int i; struct { @@ -719,7 +719,7 @@ static size_t mbedtls_internal_sha512_process_many(mbedtls_sha512_context *ctx, } static int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, - const unsigned char data[SHA512_BLOCK_SIZE]) + const unsigned char data[SHA512_BLOCK_SIZE]) { if (mbedtls_a64_crypto_sha512_has_support()) { return mbedtls_internal_sha512_process_a64_crypto(ctx, data); From 51c85a0296403a7cab02ba9b4b18d9af0e501710 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 5 Jul 2024 11:20:17 +0100 Subject: [PATCH 058/124] Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA Signed-off-by: Elena Uziunaite --- library/ssl_ciphersuites.c | 4 +- library/ssl_misc.h | 2 +- library/ssl_tls.c | 16 +- tests/suites/test_suite_ssl.data | 192 +++++++++--------- tests/suites/test_suite_ssl_decrypt.misc.data | 64 +++--- 5 files changed, 139 insertions(+), 139 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index f8489488cc..d96e23672d 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1446,7 +1446,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#if defined(MBEDTLS_SSL_HAVE_ARIA) +#if defined(PSA_WANT_KEY_TYPE_ARIA) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) @@ -1784,7 +1784,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#endif /* MBEDTLS_SSL_HAVE_ARIA */ +#endif /* PSA_WANT_KEY_TYPE_ARIA */ { 0, "", diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5b683bf91d..9ec1741aeb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -257,7 +257,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #if defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ (defined(PSA_WANT_KEY_TYPE_AES) || \ defined(MBEDTLS_SSL_HAVE_CAMELLIA) || \ - defined(MBEDTLS_SSL_HAVE_ARIA)) + defined(PSA_WANT_KEY_TYPE_ARIA)) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1ce066828..976c7f6c69 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2542,56 +2542,56 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) case MBEDTLS_CIPHER_ARIA_128_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_ARIA_128_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_ARIA_128_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_ARIA_192_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 192; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_ARIA_192_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 192; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) case MBEDTLS_CIPHER_ARIA_256_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_ARIA_256_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_ARIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_ARIA_256_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c16939b882..7913ddde5f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -1162,195 +1162,195 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 @@ -2034,195 +2034,195 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data index 6b3dd7a6e8..804cea9878 100644 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -143,131 +143,131 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_38 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad From dc10825ab9fa168a27524886de46a8cfd18aed10 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2024 19:13:19 +0200 Subject: [PATCH 059/124] MBEDTLS_STATIC_ASSERT: make it work outside of a function At the top level, the macro would have had to be used without a following semicolon (except with permissive compilers that accept spurious semicolons outside of a function), which is confusing to humans and indenters. Fix that. Signed-off-by: Gilles Peskine --- library/common.h | 16 +++++++++------- tf-psa-crypto/core/common.h | 16 +++++++++------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/library/common.h b/library/common.h index 3936ffdfe1..7bb2674293 100644 --- a/library/common.h +++ b/library/common.h @@ -352,17 +352,19 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Always provide a static assert macro, so it can be used unconditionally. - * It will expand to nothing on some systems. - * Can be used outside functions (but don't add a trailing ';' in that case: - * the semicolon is included here to avoid triggering -Wextra-semi when - * MBEDTLS_STATIC_ASSERT() expands to nothing). - * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it + * It does nothing on systems where we don't know how to define a static assert. + */ +/* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it * defines static_assert even with -std=c99, but then complains about it. */ #if defined(static_assert) && !defined(__FreeBSD__) -#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg); +#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg) #else -#define MBEDTLS_STATIC_ASSERT(expr, msg) +/* Make sure `MBEDTLS_STATIC_ASSERT(expr, msg);` is valid both inside and + * outside a function. We choose a struct declaration, which can be repeated + * any number of times and does not need a matching definition. */ +#define MBEDTLS_STATIC_ASSERT(expr, msg) \ + struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function #endif #if defined(__has_builtin) diff --git a/tf-psa-crypto/core/common.h b/tf-psa-crypto/core/common.h index 3936ffdfe1..7bb2674293 100644 --- a/tf-psa-crypto/core/common.h +++ b/tf-psa-crypto/core/common.h @@ -352,17 +352,19 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Always provide a static assert macro, so it can be used unconditionally. - * It will expand to nothing on some systems. - * Can be used outside functions (but don't add a trailing ';' in that case: - * the semicolon is included here to avoid triggering -Wextra-semi when - * MBEDTLS_STATIC_ASSERT() expands to nothing). - * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it + * It does nothing on systems where we don't know how to define a static assert. + */ +/* Can't use the C11-style `defined(static_assert)` on FreeBSD, since it * defines static_assert even with -std=c99, but then complains about it. */ #if defined(static_assert) && !defined(__FreeBSD__) -#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg); +#define MBEDTLS_STATIC_ASSERT(expr, msg) static_assert(expr, msg) #else -#define MBEDTLS_STATIC_ASSERT(expr, msg) +/* Make sure `MBEDTLS_STATIC_ASSERT(expr, msg);` is valid both inside and + * outside a function. We choose a struct declaration, which can be repeated + * any number of times and does not need a matching definition. */ +#define MBEDTLS_STATIC_ASSERT(expr, msg) \ + struct ISO_C_does_not_allow_extra_semicolon_outside_of_a_function #endif #if defined(__has_builtin) From bdd16d4cb10c047c98b51cc7e6ad673324588ed9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jun 2024 21:47:31 +0200 Subject: [PATCH 060/124] Make it possible to enable CTR_DRBG/PSA without a PSA AES driver Make it possible, but not officially supported, to switch the CTR_DRBG module to PSA mode even if MBEDTLS_AES_C is defined. This is not really useful in practice, but is convenient to test the PSA mode without setting up drivers. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 8 +++-- tests/src/psa_crypto_helpers.c | 9 ++++-- .../builtin/include/mbedtls/ctr_drbg.h | 25 ++++++++++++---- tf-psa-crypto/drivers/builtin/src/ctr_drbg.c | 30 +++++++++---------- 4 files changed, 47 insertions(+), 25 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index ea6e8c52dc..37eacb7b24 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -16,6 +16,8 @@ #include #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) @@ -432,12 +434,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #AES_PSA_INIT. */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #define AES_PSA_INIT() ((void) 0) #define AES_PSA_DONE() ((void) 0) -#else /* MBEDTLS_AES_C */ +#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ #define AES_PSA_INIT() PSA_INIT() #define AES_PSA_DONE() PSA_DONE() -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index e1ea2b5c81..1581eecb3b 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -13,6 +13,10 @@ #include #include +#if defined(MBEDTLS_CTR_DRBG_C) +#include +#endif + #if defined(MBEDTLS_PSA_CRYPTO_C) #include @@ -70,8 +74,9 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); -#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ - !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) /* When AES_C is not defined and PSA does not have an external RNG, * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key * slot is used internally from PSA to hold the AES key and it should diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h index c00756df1b..c7db4702a9 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h @@ -32,9 +32,24 @@ #include "mbedtls/build_info.h" -/* In case AES_C is defined then it is the primary option for backward - * compatibility purposes. If that's not available, PSA is used instead */ -#if defined(MBEDTLS_AES_C) +/* The CTR_DRBG implementation can either directly call the low-level AES + * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES + * operations. Calling the AES module directly is the default, both for + * maximum backward compatibility and because it's a bit more efficient + * (less glue code). + * + * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and + * thus benefits from the PSA AES accelerator driver. + * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO + * to use PSA even when MBEDTLS_AES_C is disabled, but there is very little + * reason to do so other than testing purposes and this is not officially + * supported. + */ +#if !defined(MBEDTLS_AES_C) +#define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO +#endif + +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #include "mbedtls/aes.h" #else #include "psa/crypto.h" @@ -157,7 +172,7 @@ extern "C" { #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #endif -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) typedef struct mbedtls_ctr_drbg_psa_context { mbedtls_svc_key_id_t key_id; psa_cipher_operation_t operation; @@ -189,7 +204,7 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ #else mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ diff --git a/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c b/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c index 66d9d28c58..aea62bbfd1 100644 --- a/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c +++ b/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c @@ -26,13 +26,13 @@ #endif /* Using error translation functions from PSA to MbedTLS */ -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #include "psa_util_internal.h" #endif #include "mbedtls/platform.h" -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, unsigned char *key, size_t key_len) { @@ -73,7 +73,7 @@ static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx) void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_init(&ctx->aes_ctx); #else ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; @@ -102,7 +102,7 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) mbedtls_mutex_free(&ctx->mutex); } #endif -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_free(&ctx->aes_ctx); #else ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); @@ -168,7 +168,7 @@ static int block_cipher_df(unsigned char *output, unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; int ret = 0; -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_context aes_ctx; #else psa_status_t status; @@ -209,7 +209,7 @@ static int block_cipher_df(unsigned char *output, key[i] = i; } -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_init(&aes_ctx); if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, @@ -238,7 +238,7 @@ static int block_cipher_df(unsigned char *output, use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, chain, chain)) != 0) { goto exit; @@ -264,7 +264,7 @@ static int block_cipher_df(unsigned char *output, /* * Do final encryption with reduced data */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; @@ -282,7 +282,7 @@ static int block_cipher_df(unsigned char *output, p = output; for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, iv, iv)) != 0) { goto exit; @@ -299,7 +299,7 @@ static int block_cipher_df(unsigned char *output, p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_aes_free(&aes_ctx); #else ctr_drbg_destroy_psa_contex(&psa_ctx); @@ -336,7 +336,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, unsigned char *p = tmp; int j; int ret = 0; -#if !defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) psa_status_t status; size_t tmp_len; #endif @@ -352,7 +352,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, p)) != 0) { goto exit; @@ -374,7 +374,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; @@ -564,7 +564,7 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { return ret; @@ -655,7 +655,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, /* * Crypt counter block */ -#if defined(MBEDTLS_AES_C) +#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->counter, locals.tmp)) != 0) { goto exit; From 0e3704f0a02923bde728bf39254823baa65f1f4c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jun 2024 22:08:44 +0200 Subject: [PATCH 061/124] Reorder blocks to avoid double negations Convert `#if !... A #else B #endif` to `#if ... B #else A`. No semantic change. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 8 +- .../builtin/include/mbedtls/ctr_drbg.h | 12 +- tf-psa-crypto/drivers/builtin/src/ctr_drbg.c | 122 +++++++++--------- 3 files changed, 71 insertions(+), 71 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 37eacb7b24..17dfe5f614 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -434,12 +434,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #AES_PSA_INIT. */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) -#define AES_PSA_INIT() ((void) 0) -#define AES_PSA_DONE() ((void) 0) -#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #define AES_PSA_INIT() PSA_INIT() #define AES_PSA_DONE() PSA_DONE() +#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ +#define AES_PSA_INIT() ((void) 0) +#define AES_PSA_DONE() ((void) 0) #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h index c7db4702a9..216169c770 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h @@ -49,10 +49,10 @@ #define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO #endif -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) -#include "mbedtls/aes.h" -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) #include "psa/crypto.h" +#else +#include "mbedtls/aes.h" #endif #include "entropy.h" @@ -204,10 +204,10 @@ typedef struct mbedtls_ctr_drbg_context { * This is the maximum number of requests * that can be made between reseedings. */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ +#else + mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ #endif /* diff --git a/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c b/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c index aea62bbfd1..b82044eb7d 100644 --- a/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c +++ b/tf-psa-crypto/drivers/builtin/src/ctr_drbg.c @@ -73,11 +73,11 @@ static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx) void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - mbedtls_aes_init(&ctx->aes_ctx); -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; ctx->psa_ctx.operation = psa_cipher_operation_init(); +#else + mbedtls_aes_init(&ctx->aes_ctx); #endif /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ @@ -102,10 +102,10 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) mbedtls_mutex_free(&ctx->mutex); } #endif -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - mbedtls_aes_free(&ctx->aes_ctx); -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); +#else + mbedtls_aes_free(&ctx->aes_ctx); #endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; @@ -168,15 +168,15 @@ static int block_cipher_df(unsigned char *output, unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char *p, *iv; int ret = 0; -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - mbedtls_aes_context aes_ctx; -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) psa_status_t status; size_t tmp_len; mbedtls_ctr_drbg_psa_context psa_ctx; psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_ctx.operation = psa_cipher_operation_init(); +#else + mbedtls_aes_context aes_ctx; #endif int i, j; @@ -209,19 +209,19 @@ static int block_cipher_df(unsigned char *output, key[i] = i; } -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) + status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key)); + if (status != PSA_SUCCESS) { + ret = psa_generic_status_to_mbedtls(status); + goto exit; + } +#else mbedtls_aes_init(&aes_ctx); if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } -#else - status = ctr_drbg_setup_psa_context(&psa_ctx, key, sizeof(key)); - if (status != PSA_SUCCESS) { - ret = psa_generic_status_to_mbedtls(status); - goto exit; - } #endif /* @@ -238,18 +238,18 @@ static int block_cipher_df(unsigned char *output, use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, - chain, chain)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) status = psa_cipher_update(&psa_ctx.operation, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); if (status != PSA_SUCCESS) { ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + chain, chain)) != 0) { + goto exit; + } #endif } @@ -264,12 +264,7 @@ static int block_cipher_df(unsigned char *output, /* * Do final encryption with reduced data */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) ctr_drbg_destroy_psa_contex(&psa_ctx); status = ctr_drbg_setup_psa_context(&psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); @@ -277,32 +272,37 @@ static int block_cipher_df(unsigned char *output, ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { + goto exit; + } #endif iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, - iv, iv)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) status = psa_cipher_update(&psa_ctx.operation, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); if (status != PSA_SUCCESS) { ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + iv, iv)) != 0) { + goto exit; + } #endif memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - mbedtls_aes_free(&aes_ctx); -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) ctr_drbg_destroy_psa_contex(&psa_ctx); +#else + mbedtls_aes_free(&aes_ctx); #endif /* * tidy up the stack @@ -352,18 +352,18 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Crypt counter block */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, p)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) status = psa_cipher_update(&ctx->psa_ctx.operation, ctx->counter, sizeof(ctx->counter), p, MBEDTLS_CTR_DRBG_BLOCKSIZE, &tmp_len); if (status != PSA_SUCCESS) { ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, p)) != 0) { + goto exit; + } #endif p += MBEDTLS_CTR_DRBG_BLOCKSIZE; @@ -374,12 +374,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, /* * Update key and counter */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, tmp, MBEDTLS_CTR_DRBG_KEYSIZE); @@ -387,6 +382,11 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { + goto exit; + } #endif memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE); @@ -564,12 +564,7 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, - MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { - return ret; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) psa_status_t status; status = ctr_drbg_setup_psa_context(&ctx->psa_ctx, key, MBEDTLS_CTR_DRBG_KEYSIZE); @@ -577,6 +572,11 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, ret = psa_generic_status_to_mbedtls(status); return status; } +#else + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { + return ret; + } #endif /* Do the initial seeding. */ @@ -655,12 +655,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, /* * Crypt counter block */ -#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, locals.tmp)) != 0) { - goto exit; - } -#else +#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) psa_status_t status; size_t tmp_len; @@ -670,6 +665,11 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, ret = psa_generic_status_to_mbedtls(status); goto exit; } +#else + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, locals.tmp)) != 0) { + goto exit; + } #endif use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) From b0b1b329142c116c8efb44fabe34a0f06cce6305 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jun 2024 16:06:45 +0200 Subject: [PATCH 062/124] Prevent mbedtls_psa_register_se_key with volatile keys mbedtls_psa_register_se_key() is not usable with volatile keys, since there is no way to return the implementation-chosen key identifier which would be needed to use the key. Document this limitation. Reject an attempt to create such an unusable key. Fixes #9253. Signed-off-by: Gilles Peskine --- ChangeLog.d/mbedtls_psa_register_se_key.txt | 3 +++ tf-psa-crypto/core/psa_crypto.c | 8 ++++++++ tf-psa-crypto/include/psa/crypto.h | 3 +++ tf-psa-crypto/include/psa/crypto_extra.h | 8 ++++++++ .../suites/test_suite_psa_crypto_se_driver_hal.data | 11 ++++++++++- 5 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/mbedtls_psa_register_se_key.txt diff --git a/ChangeLog.d/mbedtls_psa_register_se_key.txt b/ChangeLog.d/mbedtls_psa_register_se_key.txt new file mode 100644 index 0000000000..2fc2751ac0 --- /dev/null +++ b/ChangeLog.d/mbedtls_psa_register_se_key.txt @@ -0,0 +1,3 @@ +Bugfix + * Document and enforce the limitation of mbedtls_psa_register_se_key() + to persistent keys. Resolves #9253. diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 0ad4196241..9ca592831f 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -2149,6 +2149,14 @@ psa_status_t mbedtls_psa_register_se_key( return PSA_ERROR_NOT_SUPPORTED; } + /* Not usable with volatile keys, even with an appropriate location, + * due to the API design. + * https://github.com/Mbed-TLS/mbedtls/issues/9253 + */ + if (PSA_KEY_LIFETIME_IS_VOLATILE(psa_get_key_lifetime(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + status = psa_start_key_creation(PSA_KEY_CREATION_REGISTER, attributes, &slot, &driver); if (status != PSA_SUCCESS) { diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 917e533555..0138b88e15 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -129,6 +129,9 @@ static psa_key_attributes_t psa_key_attributes_init(void); * * \param[out] attributes The attribute structure to write to. * \param key The persistent identifier for the key. + * This can be any value in the range from + * #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX + * inclusive. */ static void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key); diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h index 6ed1f6c43a..5f413d6aa3 100644 --- a/tf-psa-crypto/include/psa/crypto_extra.h +++ b/tf-psa-crypto/include/psa/crypto_extra.h @@ -154,6 +154,14 @@ static inline void psa_clear_key_slot_number( * specified in \p attributes. * * \param[in] attributes The attributes of the existing key. + * - The lifetime must be a persistent lifetime + * in a secure element. Volatile lifetimes are + * not currently supported. + * - The key identifier must be in the valid + * range for persistent keys. + * - The key type and size must be specified and + * must be consistent with the key material + * in the secure element. * * \retval #PSA_SUCCESS * The key was successfully registered. diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data index cc89c0fc20..d028b21821 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -148,7 +148,16 @@ generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:1:1:PSA_SUCCESS -Key registration: invalid lifetime (volatile internal storage) +Key registration: invalid lifetime (volatile, in SE, id=0) +register_key_smoke_test:TEST_SE_VOLATILE_LIFETIME:7:0:0:PSA_ERROR_INVALID_ARGUMENT + +Key registration: invalid lifetime (volatile, in SE, id=1) +register_key_smoke_test:TEST_SE_VOLATILE_LIFETIME:7:1:1:PSA_ERROR_INVALID_ARGUMENT + +Key registration: invalid lifetime (volatile, internal, id=0) +register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:7:0:0:PSA_ERROR_INVALID_ARGUMENT + +Key registration: invalid lifetime (volatile, internal, id=1) register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:7:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (internal storage) From 2ff81bf03bd2bfc89bc717c3bc628311ea809187 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jun 2024 22:10:08 +0200 Subject: [PATCH 063/124] Add a test for the built-in key range Restricting the built-in key range would be an API break since applications can hard-code a built-in key value and expect that it won't clash with anything else. Make it harder to accidentally break the API. Signed-off-by: Gilles Peskine --- tf-psa-crypto/include/psa/crypto_extra.h | 2 +- .../test_suite_psa_crypto_driver_wrappers.data | 3 +++ ...test_suite_psa_crypto_driver_wrappers.function | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h index 5f413d6aa3..0cf42c6055 100644 --- a/tf-psa-crypto/include/psa/crypto_extra.h +++ b/tf-psa-crypto/include/psa/crypto_extra.h @@ -487,7 +487,7 @@ psa_status_t mbedtls_psa_external_get_random( * #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect * with any other set of implementation-chosen key identifiers. * - * This value is part of the library's ABI since changing it would invalidate + * This value is part of the library's API since changing it would invalidate * the values of built-in key identifiers in applications. */ #define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t) 0x7fff0000) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 54e0892004..fb2da8c3c2 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -1,3 +1,6 @@ +Built-in key range +builtin_key_id_stability: + sign_hash transparent driver: in driver ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function index e7925dd694..84611faddd 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -489,6 +489,21 @@ exit: * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void builtin_key_id_stability() +{ + /* If the range of built-in keys is reduced, it's an API break, since + * it breaks user code that hard-codes the key id of built-in keys. + * It's ok to expand this range, but not to shrink it. That is, you + * may make the MIN smaller or the MAX larger at any time, but + * making the MIN larger or the MAX smaller can only be done in + * a new major version of the library. + */ + TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN, 0x7fff0000); + TEST_EQUAL(MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, 0x7fffefff); +} +/* END_CASE */ + /* BEGIN_CASE */ void sign_hash(int key_type_arg, int alg_arg, From 3710e72d788d5e7c043d1aed2153c5337fd2b56f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jun 2024 22:15:42 +0200 Subject: [PATCH 064/124] Assert that key ID ranges don't overlap Ensure that a key ID can't be in range for more than one of volatile keys, persistent (i.e. user-chosen) keys or built-in keys. Signed-off-by: Gilles Peskine --- .../core/psa_crypto_slot_management.c | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_slot_management.c b/tf-psa-crypto/core/psa_crypto_slot_management.c index 9986a44969..305ad6ec46 100644 --- a/tf-psa-crypto/core/psa_crypto_slot_management.c +++ b/tf-psa-crypto/core/psa_crypto_slot_management.c @@ -27,6 +27,37 @@ #include "mbedtls/threading.h" #endif + + +/* Make sure we have distinct ranges of key identifiers for distinct + * purposes. */ +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_USER_MIN < PSA_KEY_ID_USER_MAX, + "Empty user key ID range"); +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VENDOR_MIN < PSA_KEY_ID_VENDOR_MAX, + "Empty vendor key ID range"); +MBEDTLS_STATIC_ASSERT(MBEDTLS_PSA_KEY_ID_BUILTIN_MIN < MBEDTLS_PSA_KEY_ID_BUILTIN_MAX, + "Empty builtin key ID range"); +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MIN < PSA_KEY_ID_VOLATILE_MAX, + "Empty volatile key ID range"); + +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_USER_MAX < PSA_KEY_ID_VENDOR_MIN || + PSA_KEY_ID_VENDOR_MAX < PSA_KEY_ID_USER_MIN, + "Overlap between user key IDs and vendor key IDs"); + +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VENDOR_MIN <= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN && + MBEDTLS_PSA_KEY_ID_BUILTIN_MAX <= PSA_KEY_ID_VENDOR_MAX, + "Builtin key identifiers are not in the vendor range"); + +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VENDOR_MIN <= PSA_KEY_ID_VOLATILE_MIN && + PSA_KEY_ID_VOLATILE_MAX <= PSA_KEY_ID_VENDOR_MAX, + "Volatile key identifiers are not in the vendor range"); + +MBEDTLS_STATIC_ASSERT(PSA_KEY_ID_VOLATILE_MAX < MBEDTLS_PSA_KEY_ID_BUILTIN_MIN || + MBEDTLS_PSA_KEY_ID_BUILTIN_MAX < PSA_KEY_ID_VOLATILE_MIN, + "Overlap between builtin key IDs and volatile key IDs"); + + + typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; uint8_t key_slots_initialized; From 7a0adffd16ec121f01f5ef7486bd7acaa426b43f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Jul 2024 20:02:37 +0200 Subject: [PATCH 065/124] Assert that the key ID range for volatile keys is large enough Signed-off-by: Gilles Peskine --- tf-psa-crypto/core/psa_crypto_slot_management.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_slot_management.c b/tf-psa-crypto/core/psa_crypto_slot_management.c index 305ad6ec46..c2949a61e7 100644 --- a/tf-psa-crypto/core/psa_crypto_slot_management.c +++ b/tf-psa-crypto/core/psa_crypto_slot_management.c @@ -65,6 +65,10 @@ typedef struct { static psa_global_data_t global_data; +MBEDTLS_STATIC_ASSERT(ARRAY_LENGTH(global_data.key_slots) <= + PSA_KEY_ID_VOLATILE_MAX - PSA_KEY_ID_VOLATILE_MIN + 1, + "The volatile key range is larger than the key slot array"); + static uint8_t psa_get_key_slots_initialized(void) { uint8_t initialized; From 1e65e645659e037dc98b7b7b3f2fff194b048e94 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Jul 2024 21:24:05 +0200 Subject: [PATCH 066/124] Fix overlap between volatile keys and built-in keys Fix interference between PSA volatile keys and built-in keys when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. This overlap used to make it possible that a volatile key would receive the identifier of a built-in key, and is now caught by a static assertion. Signed-off-by: Gilles Peskine --- ChangeLog.d/dynamic-keystore.txt | 4 ++++ tf-psa-crypto/core/psa_crypto_slot_management.h | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/dynamic-keystore.txt diff --git a/ChangeLog.d/dynamic-keystore.txt b/ChangeLog.d/dynamic-keystore.txt new file mode 100644 index 0000000000..d576dcd86f --- /dev/null +++ b/ChangeLog.d/dynamic-keystore.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix interference between PSA volatile keys and built-in keys + when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and + MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096. diff --git a/tf-psa-crypto/core/psa_crypto_slot_management.h b/tf-psa-crypto/core/psa_crypto_slot_management.h index a84be7d837..88b7c837cc 100644 --- a/tf-psa-crypto/core/psa_crypto_slot_management.h +++ b/tf-psa-crypto/core/psa_crypto_slot_management.h @@ -15,7 +15,7 @@ /** Range of volatile key identifiers. * - * The last #MBEDTLS_PSA_KEY_SLOT_COUNT identifiers of the implementation + * The first #MBEDTLS_PSA_KEY_SLOT_COUNT identifiers of the implementation * range of key identifiers are reserved for volatile key identifiers. * A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the * index of the key slot containing the volatile key definition. @@ -23,12 +23,12 @@ /** The minimum value for a volatile key identifier. */ -#define PSA_KEY_ID_VOLATILE_MIN (PSA_KEY_ID_VENDOR_MAX - \ - MBEDTLS_PSA_KEY_SLOT_COUNT + 1) +#define PSA_KEY_ID_VOLATILE_MIN PSA_KEY_ID_VENDOR_MIN /** The maximum value for a volatile key identifier. */ -#define PSA_KEY_ID_VOLATILE_MAX PSA_KEY_ID_VENDOR_MAX +#define PSA_KEY_ID_VOLATILE_MAX \ + (PSA_KEY_ID_VOLATILE_MIN + MBEDTLS_PSA_KEY_SLOT_COUNT - 1) /** Test whether a key identifier is a volatile key identifier. * From ab89fcf7f8e6505535320c17d92c4e66559f4137 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Jul 2024 12:34:19 +0200 Subject: [PATCH 067/124] Update invalid key id in a test case PSA_KEY_ID_VOLATILE_MIN-1 is now in the persistent key ID range, so it's no longer an invalid key ID for registration. Signed-off-by: Gilles Peskine --- .../tests/suites/test_suite_psa_crypto_se_driver_hal.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data index d028b21821..ae4ee0c25c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -178,8 +178,8 @@ register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX+1:-1 Key registration: key id min vendor register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MIN:1:PSA_ERROR_INVALID_ARGUMENT -Key registration: key id max vendor except volatile -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN-1:1:PSA_ERROR_INVALID_ARGUMENT +Key registration: key id max vendor +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VENDOR_MAX:1:PSA_ERROR_INVALID_ARGUMENT Key registration: key id min volatile register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MIN:1:PSA_ERROR_INVALID_ARGUMENT From 2cb03a553298305ac3fe1cdc71351bb541ddaeb3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Jul 2024 21:29:13 +0200 Subject: [PATCH 068/124] Improve the documentation of MBEDTLS_PSA_KEY_SLOT_COUNT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The description was misleading: setting the option doesn't “restrict” the number of slots, that restriction exists anyway. Setting the option merely determines the value of the limit. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 0f1b54e226..9382849f7c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3883,13 +3883,18 @@ //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 /** \def MBEDTLS_PSA_KEY_SLOT_COUNT - * Restrict the PSA library to supporting a maximum amount of simultaneously - * loaded keys. A loaded key is a key stored by the PSA Crypto core as a - * volatile key, or a persistent key which is loaded temporarily by the - * library as part of a crypto operation in flight. * - * If this option is unset, the library will fall back to a default value of - * 32 keys. + * The maximum amount of PSA keys simultaneously in memory. This counts all + * volatile keys, plus loaded persistent keys. + * + * Currently, persistent keys do not need to be loaded all the time while + * a multipart operation is in progress, only while the operation is being + * set up. This may change in future versions of the library. + * + * Currently, the library traverses of the whole table on each access to a + * persistent key. Therefore large values may cause poor performance. + * + * This option has no effect when #MBEDTLS_PSA_CRYPTO_C is disabled. */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 From c0bdb08f83bb17706f7fc62bf5961801f10a3703 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Jun 2024 00:09:07 +0200 Subject: [PATCH 069/124] Improve full-key-store tests Split the "many transient keys" test function in two: one that expects to successfully create many keys, and one that expects to fill the key store. This will make things easier when we add a dynamic key store where filling the key store is not practical unless artificially limited. Signed-off-by: Gilles Peskine --- ...test_suite_psa_crypto_slot_management.data | 19 +++- ..._suite_psa_crypto_slot_management.function | 102 +++++++++++++++++- 2 files changed, 115 insertions(+), 6 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data index 7d364acab6..560350c6ee 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data @@ -214,8 +214,23 @@ invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE -Open many transient keys -many_transient_keys:42 +Key slot count: less than maximum +many_transient_keys:MBEDTLS_PSA_KEY_SLOT_COUNT - 1 + +Key slot count: maximum +many_transient_keys:MBEDTLS_PSA_KEY_SLOT_COUNT + +Key slot count: try to overfill, destroy first +fill_key_store:0 + +Key slot count: try to overfill, destroy second +fill_key_store:1 + +Key slot count: try to overfill, destroy next-to-last +fill_key_store:-2 + +Key slot count: try to overfill, destroy last +fill_key_store:-1 # Eviction from a key slot to be able to import a new persistent key. Key slot eviction to import a new persistent key diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function index 94f26f6b42..013945e759 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function @@ -98,6 +98,11 @@ exit: return 0; } +/* Currently, there is always a maximum number of volatile keys that can + * realistically be reached in tests. When we add configurations where this + * is not true, undefine the macro in such configurations. */ +#define MAX_VOLATILE_KEYS MBEDTLS_PSA_KEY_SLOT_COUNT + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -813,21 +818,19 @@ void many_transient_keys(int max_keys_arg) psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA); for (i = 0; i < max_keys; i++) { + mbedtls_test_set_step(i); status = psa_import_key(&attributes, (uint8_t *) &i, sizeof(i), &keys[i]); - if (status == PSA_ERROR_INSUFFICIENT_MEMORY) { - break; - } PSA_ASSERT(status); TEST_ASSERT(!mbedtls_svc_key_id_is_null(keys[i])); for (j = 0; j < i; j++) { TEST_ASSERT(!mbedtls_svc_key_id_equal(keys[i], keys[j])); } } - max_keys = i; for (i = 1; i < max_keys; i++) { + mbedtls_test_set_step(i); PSA_ASSERT(psa_close_key(keys[i - 1])); PSA_ASSERT(psa_export_key(keys[i], exported, sizeof(exported), @@ -843,6 +846,97 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MAX_VOLATILE_KEYS */ +void fill_key_store(int key_to_destroy_arg) +{ + mbedtls_svc_key_id_t *keys = NULL; + size_t max_keys = MAX_VOLATILE_KEYS; + size_t i, j; + psa_status_t status; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t exported[sizeof(size_t)]; + size_t exported_length; + + PSA_ASSERT(psa_crypto_init()); + + mbedtls_psa_stats_t stats; + mbedtls_psa_get_stats(&stats); + /* Account for any system-created volatile key, e.g. for the RNG. */ + max_keys -= stats.volatile_slots; + TEST_CALLOC(keys, max_keys + 1); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&attributes, 0); + psa_set_key_type(&attributes, PSA_KEY_TYPE_RAW_DATA); + + /* Fill the key store. */ + for (i = 0; i < max_keys; i++) { + mbedtls_test_set_step(i); + status = psa_import_key(&attributes, + (uint8_t *) &i, sizeof(i), + &keys[i]); + PSA_ASSERT(status); + TEST_ASSERT(!mbedtls_svc_key_id_is_null(keys[i])); + for (j = 0; j < i; j++) { + TEST_ASSERT(!mbedtls_svc_key_id_equal(keys[i], keys[j])); + } + } + + /* Attempt to overfill. */ + mbedtls_test_set_step(max_keys); + status = psa_import_key(&attributes, + (uint8_t *) &max_keys, sizeof(max_keys), + &keys[max_keys]); + TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_MEMORY); + TEST_ASSERT(mbedtls_svc_key_id_is_null(keys[max_keys])); + + /* Check that the keys are not corrupted. */ + for (i = 0; i < max_keys; i++) { + mbedtls_test_set_step(i); + PSA_ASSERT(psa_export_key(keys[i], + exported, sizeof(exported), + &exported_length)); + TEST_MEMORY_COMPARE(exported, exported_length, + (uint8_t *) &i, sizeof(i)); + } + + /* Destroy one key and try again. */ + size_t key_to_destroy = (key_to_destroy_arg >= 0 ? + (size_t) key_to_destroy_arg : + max_keys + key_to_destroy_arg); + mbedtls_svc_key_id_t reused_id = keys[key_to_destroy]; + const uint8_t replacement_value[1] = { 0x64 }; + PSA_ASSERT(psa_destroy_key(keys[key_to_destroy])); + keys[key_to_destroy] = MBEDTLS_SVC_KEY_ID_INIT; + status = psa_import_key(&attributes, + replacement_value, sizeof(replacement_value), + &keys[key_to_destroy]); + PSA_ASSERT(status); + TEST_ASSERT(mbedtls_svc_key_id_equal(reused_id, keys[key_to_destroy])); + + /* Check that the keys are not corrupted and destroy them. */ + for (i = 0; i < max_keys; i++) { + mbedtls_test_set_step(i); + PSA_ASSERT(psa_export_key(keys[i], + exported, sizeof(exported), + &exported_length)); + if (i == key_to_destroy) { + TEST_MEMORY_COMPARE(exported, exported_length, + replacement_value, sizeof(replacement_value)); + } else { + TEST_MEMORY_COMPARE(exported, exported_length, + (uint8_t *) &i, sizeof(i)); + } + PSA_ASSERT(psa_destroy_key(keys[i])); + keys[i] = MBEDTLS_SVC_KEY_ID_INIT; + } + +exit: + PSA_DONE(); + mbedtls_free(keys); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void key_slot_eviction_to_import_new_key(int lifetime_arg) { From faa909266a1ec0cf2a89dfdd1926c770e3e5f603 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 Jun 2024 20:28:58 +0200 Subject: [PATCH 070/124] Fix spurious test case failure with accelerated AES When the PSA RNG uses AES through a PSA driver, it consumes one volatile key identifier. When MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled, that identifier happens to coincide with the key ID value that the test case assumes not to exist. Use a different value that avoids this coincidence. Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_slot_management.data | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data index 560350c6ee..742f9b1ace 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data @@ -122,7 +122,18 @@ open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_DOES_NOT_EXIST Open failure: invalid identifier (implementation range) depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST +# We need to avoid existing volatile key IDs. Normally there aren't any +# existing volatile keys because the test case doesn't create any, but +# in some configurations, the implementation or a driver creates a +# volatile key during initialization for its own use. At the time of +# writing, this happens in builds where AES uses a PSA driver and the +# PSA RNG uses AES-CTR_DRBG through the PSA AES. +# Pick a key id that's in the middle of the volatile key ID range. +# That works out both when MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled and +# volatile key IDs are assigned starting with the lowest value, and when +# MBEDTLS_PSA_KEY_SLOT_DYNAMIC is disabled and volatile key IDs are assigned +# starting with the highest values. +open_fail:(PSA_KEY_ID_VOLATILE_MIN + PSA_KEY_ID_VOLATILE_MAX) / 2:PSA_ERROR_DOES_NOT_EXIST Open failure: non-existent identifier depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C From 35f057330fd3d5dfe4035de3d33daef018b05f04 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Jul 2024 14:00:31 +0200 Subject: [PATCH 071/124] Keep track of PSA keys used interally When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for AES, as currently implemented, there is one volatile key in permanent use for the CTR_DRBG instance. Account for that in tests that want to know exactly how many volatile keys are in use, or how many volatile keys can be created. Signed-off-by: Gilles Peskine --- tests/include/test/psa_crypto_helpers.h | 20 ++++++++++++++ tests/src/psa_crypto_helpers.c | 12 --------- .../test_suite_psa_crypto_init.function | 26 +++++++++++++++++++ ...test_suite_psa_crypto_slot_management.data | 5 +--- 4 files changed, 47 insertions(+), 16 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 17dfe5f614..2a8fede5ef 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -442,4 +442,24 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define AES_PSA_DONE() ((void) 0) #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ +#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) +/* When AES_C is not defined and PSA does not have an external RNG, + * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key + * slot is used internally from PSA to hold the AES key and it should + * not be taken into account when evaluating remaining open slots. */ +#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1 +#else +#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0 +#endif + +/** The number of volatile keys that PSA crypto uses internally. + * + * We expect that many volatile keys to be in use after a successful + * psa_crypto_init(). + */ +#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ + MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 1581eecb3b..1069eddfa1 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -74,21 +74,9 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); -#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) - /* When AES_C is not defined and PSA does not have an external RNG, - * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key - * slot is used internally from PSA to hold the AES key and it should - * not be taken into account when evaluating remaining open slots. */ if (stats.volatile_slots > 1) { return "A volatile slot has not been closed properly."; } -#else - if (stats.volatile_slots != 0) { - return "A volatile slot has not been closed properly."; - } -#endif if (stats.persistent_slots != 0) { return "A persistent slot has not been closed properly."; } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function index 9ff33a6d84..2fd282ec61 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function @@ -8,6 +8,23 @@ #include "mbedtls/entropy.h" #include "entropy_poll.h" +static int check_stats(void) +{ + mbedtls_psa_stats_t stats; + mbedtls_psa_get_stats(&stats); + + TEST_EQUAL(stats.volatile_slots, MBEDTLS_TEST_PSA_INTERNAL_KEYS); + TEST_EQUAL(stats.persistent_slots, 0); + TEST_EQUAL(stats.external_slots, 0); + TEST_EQUAL(stats.half_filled_slots, 0); + TEST_EQUAL(stats.locked_slots, 0); + + return 1; + +exit: + return 0; +} + #define ENTROPY_MIN_NV_SEED_SIZE \ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) @@ -187,10 +204,19 @@ void init_deinit(int count) psa_status_t status; int i; for (i = 0; i < count; i++) { + mbedtls_test_set_step(2 * i); status = psa_crypto_init(); PSA_ASSERT(status); + if (!check_stats()) { + goto exit; + } + + mbedtls_test_set_step(2 * i); status = psa_crypto_init(); PSA_ASSERT(status); + if (!check_stats()) { + goto exit; + } PSA_DONE(); } } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data index 742f9b1ace..af3b946754 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data @@ -225,11 +225,8 @@ invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE invalid handle: huge invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE -Key slot count: less than maximum -many_transient_keys:MBEDTLS_PSA_KEY_SLOT_COUNT - 1 - Key slot count: maximum -many_transient_keys:MBEDTLS_PSA_KEY_SLOT_COUNT +many_transient_keys:MBEDTLS_PSA_KEY_SLOT_COUNT - MBEDTLS_TEST_PSA_INTERNAL_KEYS Key slot count: try to overfill, destroy first fill_key_store:0 From 1eaea5197814e5d12988b972b5002dba4f351bf3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 18 Jul 2024 19:03:02 +0200 Subject: [PATCH 072/124] Fix copypasta Signed-off-by: Gilles Peskine --- tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h index 216169c770..0b7cce1923 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h @@ -41,7 +41,7 @@ * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and * thus benefits from the PSA AES accelerator driver. * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO - * to use PSA even when MBEDTLS_AES_C is disabled, but there is very little + * to use PSA even when MBEDTLS_AES_C is enabled, but there is very little * reason to do so other than testing purposes and this is not officially * supported. */ From a0cdde3588065df1990f01f902cbe3b3d0414a7c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 7 Aug 2024 17:07:49 +0100 Subject: [PATCH 073/124] Remove outdated documentation Signed-off-by: Thomas Daubney --- include/mbedtls/mbedtls_config.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3881dbb114..3722c32a44 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -650,10 +650,6 @@ * PSA, and are not restartable. These are temporary limitations that * should be lifted in the future. * - * \note This option only works with the default software implementation of - * elliptic curve functionality. It is incompatible with - * MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. - * * Requires: MBEDTLS_ECP_C * * Uncomment this macro to enable restartable ECC computations. From 88a6baaaaa536d830d352e8832a41a262389f546 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Aug 2024 14:07:24 +0200 Subject: [PATCH 074/124] Be compatible with GNU Make 3.81 GNU Make 3.81 is officially not supported (we require >= 3.82), but be nice to XCode users who are stuck with 3.81. Signed-off-by: Gilles Peskine --- tests/Makefile | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 044459023b..54b9b960c8 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -205,16 +205,11 @@ c: $(C_FILES) # dot in .c file's base name. # .SECONDEXPANSION: -%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function - echo " Gen $@" - $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ - -d suites/$*.data \ - -t ../tf-psa-crypto/tests/suites/main_test.function \ - -p ../tf-psa-crypto/tests/suites/host_test.function \ - -s suites \ - --helpers-file ../tf-psa-crypto/tests/suites/helpers.function \ - -o . +# First handle the tf-psa-crypto case, which has different paths from +# the local case. In GNU Make >=3.82, the shortest match applies regardless +# of the order in the makefile. In GNU Make <=3.81, the first matching rule +# applies. ../tf-psa-crypto/tests/%.c: ../tf-psa-crypto/tests/suites/$$(firstword $$(subst ., ,$$*)).function ../tf-psa-crypto/tests/suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function echo " Gen $@" cd ../tf-psa-crypto/tests && $(PYTHON) ../../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ @@ -225,6 +220,16 @@ c: $(C_FILES) --helpers-file suites/helpers.function \ -o . +%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py ../tf-psa-crypto/tests/suites/helpers.function ../tf-psa-crypto/tests/suites/main_test.function ../tf-psa-crypto/tests/suites/host_test.function + echo " Gen $@" + $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ + -d suites/$*.data \ + -t ../tf-psa-crypto/tests/suites/main_test.function \ + -p ../tf-psa-crypto/tests/suites/host_test.function \ + -s suites \ + --helpers-file ../tf-psa-crypto/tests/suites/helpers.function \ + -o . + $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From ec377b1d815ecae1e0c342ad980fb09430336ea4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Aug 2024 20:08:23 +0200 Subject: [PATCH 075/124] Fix inverted assertion message Signed-off-by: Gilles Peskine --- tf-psa-crypto/core/psa_crypto_slot_management.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto_slot_management.c b/tf-psa-crypto/core/psa_crypto_slot_management.c index c2949a61e7..9b297c9c08 100644 --- a/tf-psa-crypto/core/psa_crypto_slot_management.c +++ b/tf-psa-crypto/core/psa_crypto_slot_management.c @@ -67,7 +67,7 @@ static psa_global_data_t global_data; MBEDTLS_STATIC_ASSERT(ARRAY_LENGTH(global_data.key_slots) <= PSA_KEY_ID_VOLATILE_MAX - PSA_KEY_ID_VOLATILE_MIN + 1, - "The volatile key range is larger than the key slot array"); + "The key slot array is larger than the volatile key ID range"); static uint8_t psa_get_key_slots_initialized(void) { From fe8fc7515fe6d923d229b47f7d3ce3b47fb9e0d4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Aug 2024 20:09:08 +0200 Subject: [PATCH 076/124] PSA_DONE: account for MBEDTLS_TEST_PSA_INTERNAL_KEYS Replace the hard-coded 1 by the proper constant now that the proper constant exists. Signed-off-by: Gilles Peskine --- tests/src/psa_crypto_helpers.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 1069eddfa1..197fd41980 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -74,7 +74,12 @@ const char *mbedtls_test_helper_is_psa_leaking(void) mbedtls_psa_get_stats(&stats); - if (stats.volatile_slots > 1) { + /* Some volatile slots may be used for internal purposes. Generally + * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point, + * but in some cases we might have less, e.g. if a code path calls + * PSA_DONE more than once, or if there has only been a partial or + * failed initialization. */ + if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) { return "A volatile slot has not been closed properly."; } if (stats.persistent_slots != 0) { From c51fddbdadfa064078d82013b01c7621f8b918f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Aug 2024 20:09:49 +0200 Subject: [PATCH 077/124] Improve documentation in some tests Signed-off-by: Gilles Peskine --- .../suites/test_suite_psa_crypto_init.function | 2 ++ ...test_suite_psa_crypto_slot_management.function | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function index 2fd282ec61..954560a24e 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function @@ -219,6 +219,8 @@ void init_deinit(int count) } PSA_DONE(); } +exit: + PSA_DONE(); } /* END_CASE */ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function index 013945e759..f679f2e889 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.function @@ -847,6 +847,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MAX_VOLATILE_KEYS */ +/* + * 1. Fill the key store with volatile keys. + * 2. Check that attempting to create another volatile key fails without + * corrupting the key store. + * 3. Destroy the key specified by key_to_destroy. This is the number of the + * key in creation order (e.g. 0 means the first key that was created). + * It can also be a negative value to count in reverse order (e.g. + * -1 means to destroy the last key that was created). + * 4. Check that creating another volatile key succeeds. + */ void fill_key_store(int key_to_destroy_arg) { mbedtls_svc_key_id_t *keys = NULL; @@ -912,6 +922,11 @@ void fill_key_store(int key_to_destroy_arg) replacement_value, sizeof(replacement_value), &keys[key_to_destroy]); PSA_ASSERT(status); + /* Since the key store was full except for one key, the new key must be + * in the same slot in the key store as the destroyed key. + * Since volatile keys IDs are assigned based on which slot contains + * the key, the new key should have the same ID as the destroyed key. + */ TEST_ASSERT(mbedtls_svc_key_id_equal(reused_id, keys[key_to_destroy])); /* Check that the keys are not corrupted and destroy them. */ From 6b4cd48d2472f4b3b24c83817dca5ad868b2ea8a Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 4 Jul 2024 17:50:11 +0100 Subject: [PATCH 078/124] Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384 Signed-off-by: Elena Uziunaite --- library/ssl_tls.c | 8 +- tests/suites/test_suite_debug.data | 2 +- tests/suites/test_suite_ssl.data | 96 ++++---- tests/suites/test_suite_ssl.function | 46 ++-- tests/suites/test_suite_x509parse.data | 212 +++++++++--------- tests/suites/test_suite_x509write.data | 4 +- tf-psa-crypto/core/psa_util.c | 2 +- tf-psa-crypto/drivers/builtin/src/oid.c | 4 +- tf-psa-crypto/tests/suites/test_suite_pk.data | 8 +- .../tests/suites/test_suite_pkparse.data | 4 +- 10 files changed, 193 insertions(+), 193 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2372fa3485..69eefe6cac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5617,7 +5617,7 @@ static const uint16_t ssl_preset_default_groups[] = { #if defined(PSA_WANT_ECC_SECP_R1_256) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) +#if defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif #if defined(PSA_WANT_ECC_MONTGOMERY_448) @@ -5767,7 +5767,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(PSA_WANT_ALG_SHA_384) && \ - defined(MBEDTLS_ECP_HAVE_SECP384R1) + defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) #endif @@ -5801,7 +5801,7 @@ static const uint16_t ssl_preset_suiteb_groups[] = { #if defined(PSA_WANT_ECC_SECP_R1_256) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) +#if defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, #endif MBEDTLS_SSL_IANA_TLS_GROUP_NONE @@ -6246,7 +6246,7 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) { 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 }, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) +#if defined(PSA_WANT_ECC_SECP_R1_384) { 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 }, #endif #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index e324365f61..90598e12d9 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -63,5 +63,5 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA mbedtls_debug_print_crt:"../framework/data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"../framework/data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ff2cbd806f..851534bcd9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -365,27 +365,27 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_2 @@ -393,31 +393,31 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RS handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 -depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS +depends_on:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS handshake_serialization DTLS Handshake fragmentation, MFL=512 @@ -437,143 +437,143 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 303193af8f..5ed036c636 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -29,7 +29,7 @@ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_SHA_256) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) && \ defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS) /* * Test function to write early data for negative tests where @@ -2495,7 +2495,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ void mbedtls_endpoint_sanity(int endpoint_type) { enum { BUFFSIZE = 1024 }; @@ -2526,7 +2526,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -2599,7 +2599,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_version(int dtls, int client_min_version, int client_max_version, int server_min_version, int server_max_version, int expected_negotiated_version) @@ -2691,7 +2691,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void app_data(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls) @@ -2720,7 +2720,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) @@ -2732,7 +2732,7 @@ void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments) @@ -2744,7 +2744,7 @@ void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void handshake_serialization() { mbedtls_test_handshake_test_options options; @@ -2761,7 +2761,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) @@ -2801,7 +2801,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void renegotiation(int legacy_renegotiation) { mbedtls_test_handshake_test_options options; @@ -2821,7 +2821,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 */ void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher) { @@ -2848,7 +2848,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_serialize_mfl(int mfl) { test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -2858,7 +2858,7 @@ void resize_buffers_serialize_mfl(int mfl) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */ void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation, char *cipher) { @@ -3099,7 +3099,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */ void force_bad_session_id_len() { enum { BUFFSIZE = 1024 }; @@ -3297,7 +3297,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_SOME */ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; @@ -3371,7 +3371,7 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_ECP_HAVE_SECP384R1 */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ECC_SECP_R1_384 */ void tls13_server_certificate_msg_invalid_vector_len() { int ret = -1; @@ -3565,7 +3565,7 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512); #endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) || defined(PSA_WANT_ECC_SECP_R1_384) +#if defined(PSA_WANT_ECC_SECP_R1_384) TEST_AVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); #else TEST_UNAVAILABLE_ECC(24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384); @@ -3626,7 +3626,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_resume_session_with_ticket() { int ret = -1; @@ -3708,7 +3708,7 @@ exit: * a temporary workaround to not run the test in Windows-2013 where there is * an issue with mbedtls_vsnprintf(). */ -/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_read_early_data(int scenario) { int ret = -1; @@ -3910,7 +3910,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_cli_early_data_state(int scenario) { int ret = -1; @@ -4283,7 +4283,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_write_early_data(int scenario) { int ret = -1; @@ -4632,7 +4632,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_cli_max_early_data_size(int max_early_data_size_arg) { int ret = -1; @@ -4785,7 +4785,7 @@ exit: * a temporary workaround to not run the test in Windows-2013 where there is * an issue with mbedtls_vsnprintf(). */ -/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg) { int ret = -1; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 1cf7805d09..1fa477929f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -143,7 +143,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate Policy any with qualifier @@ -151,7 +151,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any with qualifier -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate multiple Policies @@ -159,7 +159,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, ECDSA Certificate multiple Policies -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, RSA Certificate unsupported policy @@ -167,7 +167,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, ECDSA Certificate unsupported policy -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_cert_info:"../framework/data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, Key Usage + Extended Key Usage @@ -572,11 +572,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_25 mbedtls_x509_time_is_future:"../framework/data_files/server5-future.crt":"valid_to":1 X509 Time Future #5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_from":0 X509 Time Future #6 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE:PSA_WANT_ALG_SHA_256 mbedtls_x509_time_is_future:"../framework/data_files/test-ca2.crt":"valid_to":1 X509 CRT verification #1 (Revoked Cert, Expired CRL, no CN) @@ -584,7 +584,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #1a (Revoked Cert, Future CRL, no CN) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #2 (Revoked Cert, Expired CRL) @@ -592,7 +592,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #2a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #3 (Revoked Cert, Future CRL, CN Mismatch) @@ -600,7 +600,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #3a (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #4 (Valid Cert, Expired CRL) @@ -608,7 +608,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL" X509 CRT verification #4a (Revoked Cert, Future CRL) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #5 (Revoked Cert) @@ -636,23 +636,23 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" X509 CRT verification #8 (Valid Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #8a (Expired Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #8b (Future Cert) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server5-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #8c (Expired Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #8d (Future Cert, longer chain) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server7-future.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #9 (Not trusted Cert) @@ -756,31 +756,31 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WAN x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #33 (Valid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #34 (Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #35 (Revoked, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1 x509_verify:"../framework/data_files/server5-sha1.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_224 x509_verify:"../framework/data_files/server5-sha224.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5-sha384.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA512:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA512:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5-sha512.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #40 (Valid, depth 0, RSA, CA) @@ -788,7 +788,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/test-ca.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #41 (Valid, depth 0, EC, CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/test-ca2.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #42 (Depth 0, not CA, RSA) @@ -800,7 +800,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_ x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/server5.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #44 (Corrupted signature, EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #45 (Corrupted signature, RSA) @@ -808,11 +808,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SH x509_verify:"../framework/data_files/server2-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #45b (Corrupted signature, intermediate CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) @@ -824,35 +824,35 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WAN x509_verify:"../framework/data_files/server7.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify:"../framework/data_files/server8_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #50 (Valid, multiple CAs) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #51 (Valid, multiple CAs, reverse order) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server2.crt":"../framework/data_files/test-ca_cat21.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #52 (CA keyUsage valid) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt_crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #53 (CA keyUsage missing cRLSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crt.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #55 (CA keyUsage missing keyCertSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-crl.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #56 (CA keyUsage plain wrong) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.ku-ds.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) @@ -892,7 +892,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_verify:"../framework/data_files/server9-badsign.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server9.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) @@ -936,59 +936,59 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #76 (multiple CRLs, not revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #77 (multiple CRLs, revoked) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #78 (multiple CRLs, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #79 (multiple CRLs, revoked by future) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server6.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" X509 CRT verification #80 (multiple CRLs, first future, revoked by second) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"../framework/data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification #81 (multiple CRLs, none relevant) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 x509_verify:"../framework/data_files/enco-cert-utf8str.pem":"../framework/data_files/enco-ca-prstr.pem":"../framework/data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #82 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #83 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-future.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #84 (valid CA and Not yet valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-present-past.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #85 (Not yet valid CA and valid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-present.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #86 (Not yet valid CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-future-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" X509 CRT verification #87 (Expired CA and invalid CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_HAVE_TIME_DATE x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2_cat-past-invalid.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" X509 CRT verification #88 (Spurious cert in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"../framework/data_files/server7_spurious_int-ca.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #89 (Spurious cert later in the chain) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"../framework/data_files/server10_int3_spurious_int-ca2.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #90 (EE with same name as trusted root) @@ -1004,7 +1004,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"../framework/data_files/server1.crt":"../framework/data_files/test-ca-alt-good.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #92 (bad name, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) @@ -1012,11 +1012,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WAN x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) @@ -1183,7 +1183,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify_ca_cb_failure:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":MBEDTLS_ERR_X509_FATAL_ERROR X509 CRT verification callback: bad name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"globalhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000004\n" X509 CRT verification callback: trusted EE cert @@ -1199,71 +1199,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: simple, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server5-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 0 - serial 1E - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: simple, root expired -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 1 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two trusted roots -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: two trusted roots, reversed order -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server1_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 1 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 0 - serial 01 - subject C=NL, O=PolarSSL, CN=PolarSSL Server 1 - flags 0x00000000\n" X509 CRT verification callback: intermediate ca -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-ca_cat12.crt":"NULL":0:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server7_int-ca_ca2.crt":"../framework/data_files/test-int-ca.crt":"NULL":0:"depth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, EE expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7-expired.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000001\n" X509 CRT verification callback: intermediate ca, int expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7_int-ca-exp.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000001\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: intermediate ca, root expired -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1:MBEDTLS_HAVE_TIME_DATE x509_verify_callback:"../framework/data_files/server7_int-ca.crt":"../framework/data_files/test-ca2-expired.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial 01 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000001\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, root included -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca_cat21.crt":"NULL":0:"depth 3 - serial 03 - subject C=NL, O=PolarSSL, CN=PolarSSL Test CA - flags 0x00000000\ndepth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, top int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":"NULL":0:"depth 2 - serial 0F - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA - flags 0x00000000\ndepth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: two intermediates, low int trusted -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256:MBEDTLS_MD_CAN_SHA1 x509_verify_callback:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-int-ca3.crt":"NULL":0:"depth 1 - serial 4D - subject C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3 - flags 0x00000000\ndepth 0 - serial 4B - subject CN=localhost - flags 0x00000000\n" X509 CRT verification callback: no intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_callback:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 0 - serial 09 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 CRT verification callback: one intermediate, bad signature -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_256 x509_verify_callback:"../framework/data_files/server7-badsign.crt":"../framework/data_files/test-ca2.crt":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"depth 2 - serial C1\:43\:E2\:7E\:62\:43\:CC\:E8 - subject C=NL, O=PolarSSL, CN=Polarssl Test EC CA - flags 0x00000000\ndepth 1 - serial 0E - subject C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA - flags 0x00000000\ndepth 0 - serial 10 - subject C=NL, O=PolarSSL, CN=localhost - flags 0x00000008\n" X509 CRT ASN1 (Empty Certificate) @@ -2595,7 +2595,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca.crt":0:1 X509 CRT parse file dir3/test-ca2.crt -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_parse_file:"../framework/data_files/dir3/test-ca2.crt":0:1 # The parse_path tests are known to fail when compiled for a 32-bit architecture @@ -2606,11 +2606,11 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"../framework/data_files/dir1":0:1 X509 CRT parse path #2 (two certs) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_parse_path:"../framework/data_files/dir2":0:2 X509 CRT parse path #3 (two certs, one non-cert) -depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_parse_path:"../framework/data_files/dir3":1:2 X509 CRT verify long chain (max intermediate CA, trusted) @@ -2618,7 +2618,7 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_2 mbedtls_x509_crt_verify_max:"../framework/data_files/dir-maxpath/00.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 X509 CRT verify long chain (max intermediate CA, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_max:"../framework/data_files/test-ca2.crt":"../framework/data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED X509 CRT verify long chain (max intermediate CA + 1) @@ -2674,7 +2674,7 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_E mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #13 (RSA only profile, EC root) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server4.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #13 (RSA only profile, EC trusted EE) @@ -2686,47 +2686,47 @@ depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_S mbedtls_x509_crt_verify_chain:"../framework/data_files/server1.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #15 (suiteb profile, rsa intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_PK:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0 X509 CRT verify chain #16 (RSA-only profile, EC intermediate) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_crt_verify_chain:"../framework/data_files/server8.crt ../framework/data_files/test-int-ca2.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"rsa3072":0 X509 CRT verify chain #17 (SHA-512 profile) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server7.crt ../framework/data_files/test-int-ca.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_X509_BADCERT_BAD_MD:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"sha512":0 X509 CRT verify chain #18 (len=1, vrfy fatal on depth 1) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA512 mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-2:"":2 X509 CRT verify chain #19 (len=0, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA512 mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":-1:-1:"":1 X509 CRT verify chain #20 (len=1, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_CAN_SHA512:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crt_verify_chain:"../framework/data_files/server5.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #21 (len=3, vrfy fatal on depth 3) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-4:"":8 X509 CRT verify chain #22 (len=3, vrfy fatal on depth 2) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-3:"":4 X509 CRT verify chain #23 (len=3, vrfy fatal on depth 1) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-2:"":2 X509 CRT verify chain #24 (len=3, vrfy fatal on depth 0) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca.crt":-1:-1:"":1 X509 CRT verify chain #25 (len=3, vrfy fatal on depth 3, untrusted) -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1:PSA_WANT_ECC_SECP_R1_384 mbedtls_x509_crt_verify_chain:"../framework/data_files/server10_int3_int-ca2_ca.crt":"../framework/data_files/test-ca2.crt":-1:-4:"":8 X509 OID description #1 @@ -3288,83 +3288,83 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 x509_verify_restart:"../framework/data_files/server5-selfsigned.crt":"../framework/data_files/server5-selfsigned.crt":0:0:1:0:0 X509 CRT verify restart: no intermediate, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:0:0:0 X509 CRT verify restart: no intermediate, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:1:100:10000 X509 CRT verify restart: no intermediate, max_ops=40000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:40000:0:0 X509 CRT verify restart: no intermediate, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":0:0:500:20:80 X509 CRT verify restart: no intermediate, badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 X509 CRT verify restart: no intermediate, badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 X509 CRT verify restart: no intermediate, badsign, max_ops=40000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0 X509 CRT verify restart: no intermediate, badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 x509_verify_restart:"../framework/data_files/server5-badsign.crt":"../framework/data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80 X509 CRT verify restart: one int, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:0:0:0 X509 CRT verify restart: one int, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:1:100:10000 X509 CRT verify restart: one int, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:30000:0:0 X509 CRT verify restart: one int, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3_int-ca2.crt":"../framework/data_files/test-int-ca2.crt":0:0:500:25:100 X509 CRT verify restart: one int, EE badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 X509 CRT verify restart: one int, EE badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 X509 CRT verify restart: one int, EE badsign, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 X509 CRT verify restart: one int, EE badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10-bs_int3.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 X509 CRT verify restart: one int, int badsign, max_ops=0 (disabled) -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 X509 CRT verify restart: one int, int badsign, max_ops=1 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 X509 CRT verify restart: one int, int badsign, max_ops=30000 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 X509 CRT verify restart: one int, int badsign, max_ops=500 -depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_RSA_C x509_verify_restart:"../framework/data_files/server10_int3-bs.pem":"../framework/data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 X509 ext types accessor: ext type present diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 8345125bf0..eff6acd3f4 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -155,11 +155,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/core/psa_util.c index b915e13491..7db8bd1fca 100644 --- a/tf-psa-crypto/core/psa_util.c +++ b/tf-psa-crypto/core/psa_util.c @@ -205,7 +205,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, *bits = 256; return PSA_ECC_FAMILY_SECP_R1; #endif -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) +#if defined(PSA_WANT_ECC_SECP_R1_384) case MBEDTLS_ECP_DP_SECP384R1: *bits = 384; return PSA_ECC_FAMILY_SECP_R1; diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c index 71c7365d92..108c9346fe 100644 --- a/tf-psa-crypto/drivers/builtin/src/oid.c +++ b/tf-psa-crypto/drivers/builtin/src/oid.c @@ -560,12 +560,12 @@ static const oid_ecp_grp_t oid_ecp_grp[] = MBEDTLS_ECP_DP_SECP256R1, }, #endif /* PSA_WANT_ECC_SECP_R1_256 */ -#if defined(MBEDTLS_ECP_HAVE_SECP384R1) +#if defined(PSA_WANT_ECC_SECP_R1_384) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), MBEDTLS_ECP_DP_SECP384R1, }, -#endif /* MBEDTLS_ECP_HAVE_SECP384R1 */ +#endif /* PSA_WANT_ECC_SECP_R1_384 */ #if defined(PSA_WANT_ECC_SECP_R1_521) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.data b/tf-psa-crypto/tests/suites/test_suite_pk.data index 3730f21249..d3b4bad576 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.data +++ b/tf-psa-crypto/tests/suites/test_suite_pk.data @@ -51,7 +51,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:256:32:"ECDSA" PK utils: ECDSA SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA" PK utils: ECDSA SECP521R1 @@ -411,7 +411,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SE pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0:0:0 ECDSA sign-verify: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_384 pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0 ECDSA sign-verify: SECP521R1 @@ -655,7 +655,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0 PSA wrapped sign: SECP384R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_384 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:0 PSA wrapped sign: SECP521R1 @@ -724,7 +724,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_2 pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 PK sign ext: SECP384R1, PK_ECDSA, MD_SHA384 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_384 pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512 diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.data b/tf-psa-crypto/tests/suites/test_suite_pkparse.data index f528c14b83..5fc8ef5ad4 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkparse.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.data @@ -977,7 +977,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"../../framework/data_files/ec_256_pub.comp.pem":0 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_384 pk_parse_public_keyfile_ec:"../../framework/data_files/ec_384_pub.pem":0 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) @@ -1097,7 +1097,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"../../framework/data_files/ec_256_prv.comp.pem":"NULL":0 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_384 pk_parse_keyfile_ec:"../../framework/data_files/ec_384_prv.pem":"NULL":0 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) From 439406707197024e560a54d977af645243ec855f Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Mon, 27 May 2024 19:59:21 +0200 Subject: [PATCH 079/124] Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186) Signed-off-by: Michael Schuster --- ChangeLog.d/fix-server-mode-only-build.txt | 3 +++ library/ssl_misc.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-server-mode-only-build.txt diff --git a/ChangeLog.d/fix-server-mode-only-build.txt b/ChangeLog.d/fix-server-mode-only-build.txt new file mode 100644 index 0000000000..d1d8341f79 --- /dev/null +++ b/ChangeLog.d/fix-server-mode-only-build.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but + MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186. diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5b683bf91d..bf867a760d 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1507,7 +1507,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C) MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf); #endif From 7e390286282c73dd82a59ada18590ea94f6f9aa7 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Mon, 27 May 2024 20:07:05 +0200 Subject: [PATCH 080/124] Fix build of v3.6 with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set (fixes #9188) Avoid compiler warning about size comparison (like in commit 7910cdd): Clang builds fail, warning about comparing uint8_t to a size that may be >255. Signed-off-by: Michael Schuster --- ChangeLog.d/fix-clang-psa-build-without-dhm.txt | 3 +++ library/ssl_tls12_server.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-clang-psa-build-without-dhm.txt diff --git a/ChangeLog.d/fix-clang-psa-build-without-dhm.txt b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt new file mode 100644 index 0000000000..7ae1c68a40 --- /dev/null +++ b/ChangeLog.d/fix-clang-psa-build-without-dhm.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled + but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188. diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b5b975ff40..81ee6002e1 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3921,7 +3921,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t ecpoint_len; + size_t ecpoint_len; mbedtls_ssl_handshake_params *handshake = ssl->handshake; From a368c8a9af782c78f66ab86c8ed08100254e225b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 6 Aug 2024 12:06:51 +0100 Subject: [PATCH 081/124] Add -Wmissing-prototypes to component_build_no_ssl_srv and component_build_no_ssl_cli in all.sh Signed-off-by: Michael Schuster Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-tls.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index cc0e1b50aa..f9360426f4 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -244,14 +244,14 @@ component_build_no_ssl_srv () { msg "build: full config except SSL server, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SRV_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_build_no_ssl_cli () { msg "build: full config except SSL client, make, gcc" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_SSL_CLI_C - make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes' } component_test_no_max_fragment_length () { From 2b87afbd1fb2b6aa105735b0c0653bf6c7c84bde Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Wed, 29 May 2024 19:51:36 +0200 Subject: [PATCH 082/124] Add missing include in tests/src/asn1_helpers.c Signed-off-by: Michael Schuster --- tests/src/asn1_helpers.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c index c8df1995e3..c63bd0cdf7 100644 --- a/tests/src/asn1_helpers.c +++ b/tests/src/asn1_helpers.c @@ -15,6 +15,8 @@ #include +#include + int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, size_t min_bits, size_t max_bits, int must_be_odd) From 4595e6872d7f9ee5e8720929a3315932b18dae73 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Sat, 1 Jun 2024 21:00:33 +0200 Subject: [PATCH 083/124] Move print_buf into mbedtls_test_print_buf helper function in sample programs Reduce code duplication and fix missing-prototype error for print_buf Signed-off-by: Michael Schuster --- programs/cipher/cipher_aead_demo.c | 14 +++----------- programs/hash/md_hmac_demo.c | 16 ++++------------ programs/psa/aead_demo.c | 14 +++----------- programs/psa/hmac_demo.c | 16 ++++------------ tests/include/test/helpers.h | 3 +++ tests/src/helpers.c | 9 +++++++++ 6 files changed, 26 insertions(+), 46 deletions(-) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 853ec202c6..60a5ea280e 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -35,6 +35,8 @@ #include "mbedtls/cipher.h" +#include + #include #include #include @@ -78,16 +80,6 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; * 32-byte is enough to all the key size supported by this program. */ const unsigned char key_bytes[32] = { 0x2a }; -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - /* Run an Mbed TLS function and bail out if it fails. * A string description of the error code can be recovered with: * programs/util/strerror */ @@ -198,7 +190,7 @@ static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, p += tag_len; olen = p - out; - print_buf("out", out, olen); + mbedtls_test_print_buf("out", out, olen); exit: return ret; diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 581816a1d9..a0127ed6b7 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -32,6 +32,8 @@ #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize +#include + #include #include @@ -56,16 +58,6 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; * This example program uses SHA-256, so a 32-byte key makes sense. */ const unsigned char key_bytes[32] = { 0 }; -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - /* Run an Mbed TLS function and bail out if it fails. * A string description of the error code can be recovered with: * programs/util/strerror */ @@ -107,14 +99,14 @@ int hmac_demo(void) CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg1", out, mbedtls_md_get_size(info)); + mbedtls_test_print_buf("msg1", out, mbedtls_md_get_size(info)); /* compute HMAC(key, msg2_part1 | msg2_part2) */ CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg2", out, mbedtls_md_get_size(info)); + mbedtls_test_print_buf("msg2", out, mbedtls_md_get_size(info)); exit: mbedtls_md_free(&ctx); diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 619166dba4..b300e3619c 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -36,6 +36,8 @@ #include "psa/crypto.h" +#include + #include #include #include @@ -81,16 +83,6 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; * 32-byte is enough to all the key size supported by this program. */ const unsigned char key_bytes[32] = { 0x2a }; -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - /* Run a PSA function and bail out if it fails. * The symbolic name of the error code can be recovered using: * programs/psa/psa_constant_name status */ @@ -216,7 +208,7 @@ static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, p += olen_tag; olen = p - out; - print_buf("out", out, olen); + mbedtls_test_print_buf("out", out, olen); exit: psa_aead_abort(&op); // required on errors, harmless on success diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index 205505407f..6ed82989b0 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -32,6 +32,8 @@ #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize +#include + #include #include @@ -58,16 +60,6 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; * This example program uses SHA-256, so a 32-byte key makes sense. */ const unsigned char key_bytes[32] = { 0 }; -/* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - /* Run a PSA function and bail out if it fails. * The symbolic name of the error code can be recovered using: * programs/psa/psa_constant_name status */ @@ -122,14 +114,14 @@ psa_status_t hmac_demo(void) PSA_CHECK(psa_mac_update(&op, msg1_part1, sizeof(msg1_part1))); PSA_CHECK(psa_mac_update(&op, msg1_part2, sizeof(msg1_part2))); PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len)); - print_buf("msg1", out, out_len); + mbedtls_test_print_buf("msg1", out, out_len); /* compute HMAC(key, msg2_part1 | msg2_part2) */ PSA_CHECK(psa_mac_sign_setup(&op, key, alg)); PSA_CHECK(psa_mac_update(&op, msg2_part1, sizeof(msg2_part1))); PSA_CHECK(psa_mac_update(&op, msg2_part2, sizeof(msg2_part2))); PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len)); - print_buf("msg2", out, out_len); + mbedtls_test_print_buf("msg2", out, out_len); exit: psa_mac_abort(&op); // needed on error, harmless on success diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index d08100f158..10b321d781 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -381,6 +381,9 @@ unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen); int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, uint32_t a_len, uint32_t b_len); +/* Print the contents of a buffer in hex */ +void mbedtls_test_print_buf(const char *title, unsigned char *buf, size_t len); + #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 065d17d3e0..29b2df515d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -660,6 +660,15 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, return ret; } +void mbedtls_test_print_buf(const char *title, unsigned char *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check(int high, int low, const char *file, int line) From e708e86a9b381a9d9bf79dd4551fd8910765b37f Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Sat, 1 Jun 2024 21:08:45 +0200 Subject: [PATCH 084/124] Fix missing-prototype error in programs/fuzz by moving LLVMFuzzerTestOneInput prototype to common.h Signed-off-by: Michael Schuster --- programs/fuzz/common.h | 3 +++ programs/fuzz/fuzz_pkcs7.c | 1 + programs/fuzz/fuzz_pubkey.c | 1 + programs/fuzz/fuzz_x509crl.c | 1 + programs/fuzz/fuzz_x509crt.c | 1 + programs/fuzz/fuzz_x509csr.c | 1 + programs/fuzz/onefile.c | 3 +-- 7 files changed, 9 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h index 094383c7a4..88dceacf72 100644 --- a/programs/fuzz/common.h +++ b/programs/fuzz/common.h @@ -23,3 +23,6 @@ int dummy_random(void *p_rng, unsigned char *output, size_t output_len); int dummy_entropy(void *data, unsigned char *output, size_t len); int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, uint32_t timeout); + +/* Implemented in the fuzz_*.c sources and required by onefile.c */ +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 2056913f25..38b4dc1399 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -1,5 +1,6 @@ #include #include "mbedtls/pkcs7.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 0b153b14d7..b2500e57c2 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,6 +1,7 @@ #include #include #include "mbedtls/pk.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 151db92c89..e8dacd90b6 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,5 +1,6 @@ #include #include "mbedtls/x509_crl.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 3eee07258b..74d3b077c6 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,5 +1,6 @@ #include #include "mbedtls/x509_crt.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 7946e57eda..4c123f8e0d 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,5 +1,6 @@ #include #include "mbedtls/x509_csr.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 3b2709f805..2d4330abc3 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -1,14 +1,13 @@ #include #include #include +#include "common.h" /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway * in case it contains platform-specific #defines related to malloc or * stdio functions. */ #include "mbedtls/build_info.h" -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); - int main(int argc, char **argv) { FILE *fp; From 8db8d6182f3048f6086dbd3558c2866924834918 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Sat, 1 Jun 2024 21:15:02 +0200 Subject: [PATCH 085/124] Fix missing-prototype errors in sample programs Signed-off-by: Michael Schuster --- programs/hash/md_hmac_demo.c | 2 +- programs/pkey/gen_key.c | 2 +- programs/psa/hmac_demo.c | 2 +- programs/psa/psa_constant_names.c | 4 ++-- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_context_info.c | 32 ++++++++++++------------- programs/ssl/ssl_server2.c | 26 ++++++++++---------- programs/ssl/ssl_test_common_source.c | 18 +++++++------- programs/test/metatest.c | 34 +++++++++++++-------------- programs/test/selftest.c | 4 ++-- programs/test/udp_proxy.c | 12 +++++----- programs/test/zeroize.c | 2 +- programs/util/pem2der.c | 2 +- programs/x509/cert_req.c | 2 +- programs/x509/cert_write.c | 4 ++-- programs/x509/load_roots.c | 2 +- 16 files changed, 75 insertions(+), 75 deletions(-) diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index a0127ed6b7..ba51bfda26 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -79,7 +79,7 @@ const unsigned char key_bytes[32] = { 0 }; * This function demonstrates computation of the HMAC of two messages using * the multipart API. */ -int hmac_demo(void) +static int hmac_demo(void) { int ret; const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 194a5cbba6..4ad162978b 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -39,7 +39,7 @@ int main(void) #define DEV_RANDOM_THRESHOLD 32 -int dev_random_entropy_poll(void *data, unsigned char *output, +static int dev_random_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen) { FILE *file; diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index 6ed82989b0..a85de008a7 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -82,7 +82,7 @@ const unsigned char key_bytes[32] = { 0 }; * This function demonstrates computation of the HMAC of two messages using * the multipart API. */ -psa_status_t hmac_demo(void) +static psa_status_t hmac_demo(void) { psa_status_t status; const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 0baf4a065e..7905b527cc 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -192,7 +192,7 @@ typedef enum { TYPE_STATUS, } signed_value_type; -int process_signed(signed_value_type type, long min, long max, char **argp) +static int process_signed(signed_value_type type, long min, long max, char **argp) { for (; *argp != NULL; argp++) { char buffer[200]; @@ -231,7 +231,7 @@ typedef enum { TYPE_KEY_USAGE, } unsigned_value_type; -int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) +static int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) { for (; *argp != NULL; argp++) { char buffer[200]; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index fef5c460d9..c95ff8ee99 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -597,7 +597,7 @@ static int my_verify(void *data, mbedtls_x509_crt *crt, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -int report_cid_usage(mbedtls_ssl_context *ssl, +static int report_cid_usage(mbedtls_ssl_context *ssl, const char *additional_description) { int ret; diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index ee2cdb7b96..9577d2b900 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -111,12 +111,12 @@ const char buf_ln_err[] = "Buffer does not have enough data to complete the pars /* * Basic printing functions */ -void print_version(void) +static void print_version(void) { printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR); } -void print_usage(void) +static void print_usage(void) { print_version(); printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" @@ -138,7 +138,7 @@ void print_usage(void) ); } -void printf_dbg(const char *str, ...) +static void printf_dbg(const char *str, ...) { if (debug) { va_list args; @@ -151,7 +151,7 @@ void printf_dbg(const char *str, ...) } MBEDTLS_PRINTF_ATTRIBUTE(1, 2) -void printf_err(const char *str, ...) +static void printf_err(const char *str, ...) { va_list args; va_start(args, str); @@ -165,7 +165,7 @@ void printf_err(const char *str, ...) /* * Exit from the program in case of error */ -void error_exit(void) +static void error_exit(void) { if (NULL != b64_file) { fclose(b64_file); @@ -176,7 +176,7 @@ void error_exit(void) /* * This function takes the input arguments of this program */ -void parse_arguments(int argc, char *argv[]) +static void parse_arguments(int argc, char *argv[]) { int i = 1; @@ -223,7 +223,7 @@ void parse_arguments(int argc, char *argv[]) /* * This function prints base64 code to the stdout */ -void print_b64(const uint8_t *b, size_t len) +static void print_b64(const uint8_t *b, size_t len) { size_t i = 0; const uint8_t *end = b + len; @@ -247,7 +247,7 @@ void print_b64(const uint8_t *b, size_t len) * /p in_line number of bytes in one line * /p prefix prefix for the new lines */ -void print_hex(const uint8_t *b, size_t len, +static void print_hex(const uint8_t *b, size_t len, const size_t in_line, const char *prefix) { size_t i = 0; @@ -271,7 +271,7 @@ void print_hex(const uint8_t *b, size_t len, /* * Print the value of time_t in format e.g. 2020-01-23 13:05:59 */ -void print_time(const uint64_t *time) +static void print_time(const uint64_t *time) { #if defined(MBEDTLS_HAVE_TIME) char buf[20]; @@ -292,7 +292,7 @@ void print_time(const uint64_t *time) /* * Print the input string if the bit is set in the value */ -void print_if_bit(const char *str, int bit, int val) +static void print_if_bit(const char *str, int bit, int val) { if (bit & val) { printf("\t%s\n", str); @@ -302,7 +302,7 @@ void print_if_bit(const char *str, int bit, int val) /* * Return pointer to hardcoded "enabled" or "disabled" depending on the input value */ -const char *get_enabled_str(int is_en) +static const char *get_enabled_str(int is_en) { return (is_en) ? "enabled" : "disabled"; } @@ -310,7 +310,7 @@ const char *get_enabled_str(int is_en) /* * Return pointer to hardcoded MFL string value depending on the MFL code at the input */ -const char *get_mfl_str(int mfl_code) +static const char *get_mfl_str(int mfl_code) { switch (mfl_code) { case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: @@ -343,7 +343,7 @@ const char *get_mfl_str(int mfl_code) * \retval number of bytes written in to the b64 buffer or 0 in case no more * data was found */ -size_t read_next_b64_code(uint8_t **b64, size_t *max_len) +static size_t read_next_b64_code(uint8_t **b64, size_t *max_len) { int valid_balance = 0; /* balance between valid and invalid characters */ size_t len = 0; @@ -443,7 +443,7 @@ size_t read_next_b64_code(uint8_t **b64, size_t *max_len) * /p ssl pointer to serialized certificate * /p len number of bytes in the buffer */ -void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) +static void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) { enum { STRLEN = 4096 }; mbedtls_x509_crt crt; @@ -509,7 +509,7 @@ void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) * /p len number of bytes in the buffer * /p session_cfg_flag session configuration flags */ -void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, +static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, int session_cfg_flag) { const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -746,7 +746,7 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, * /p ssl pointer to serialized session * /p len number of bytes in the buffer */ -void print_deserialized_ssl_context(const uint8_t *ssl, size_t len) +static void print_deserialized_ssl_context(const uint8_t *ssl, size_t len) { const uint8_t *end = ssl + len; uint32_t session_len; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 81b125693d..51167b13cb 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -756,7 +756,7 @@ struct _sni_entry { sni_entry *next; }; -void sni_free(sni_entry *head) +static void sni_free(sni_entry *head) { sni_entry *cur = head, *next; @@ -786,7 +786,7 @@ void sni_free(sni_entry *head) * * Modifies the input string! This is not production quality! */ -sni_entry *sni_parse(char *sni_string) +static sni_entry *sni_parse(char *sni_string) { sni_entry *cur = NULL, *new = NULL; char *p = sni_string; @@ -878,7 +878,7 @@ error: /* * SNI callback. */ -int sni_callback(void *p_info, mbedtls_ssl_context *ssl, +static int sni_callback(void *p_info, mbedtls_ssl_context *ssl, const unsigned char *name, size_t name_len) { const sni_entry *cur = (const sni_entry *) p_info; @@ -909,7 +909,7 @@ int sni_callback(void *p_info, mbedtls_ssl_context *ssl, /* * server certificate selection callback. */ -int cert_callback(mbedtls_ssl_context *ssl) +static int cert_callback(mbedtls_ssl_context *ssl) { const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl); if (cur != NULL) { @@ -954,7 +954,7 @@ struct _psk_entry { /* * Free a list of psk_entry's */ -int psk_free(psk_entry *head) +static int psk_free(psk_entry *head) { psk_entry *next; @@ -985,7 +985,7 @@ int psk_free(psk_entry *head) * * Modifies the input string! This is not production quality! */ -psk_entry *psk_parse(char *psk_string) +static psk_entry *psk_parse(char *psk_string) { psk_entry *cur = NULL, *new = NULL; char *p = psk_string; @@ -1027,7 +1027,7 @@ error: /* * PSK callback */ -int psk_callback(void *p_info, mbedtls_ssl_context *ssl, +static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, const unsigned char *name, size_t name_len) { psk_entry *cur = (psk_entry *) p_info; @@ -1055,7 +1055,7 @@ static mbedtls_net_context listen_fd, client_fd; /* Interruption handler to ensure clean exit (for valgrind testing) */ #if !defined(_WIN32) static int received_sigterm = 0; -void term_handler(int sig) +static void term_handler(int sig) { ((void) sig); received_sigterm = 1; @@ -1105,7 +1105,7 @@ typedef struct { void *p_rng; } ssl_async_key_context_t; -int ssl_async_set_key(ssl_async_key_context_t *ctx, +static int ssl_async_set_key(ssl_async_key_context_t *ctx, mbedtls_x509_crt *cert, mbedtls_pk_context *pk, int pk_take_ownership, @@ -1332,7 +1332,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -int report_cid_usage(mbedtls_ssl_context *ssl, +static int report_cid_usage(mbedtls_ssl_context *ssl, const char *additional_description) { int ret; @@ -1383,7 +1383,7 @@ static inline void put_unaligned_uint32(void *p, uint32_t x) } /* Functions for session ticket tests */ -int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, +static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, unsigned char *start, const unsigned char *end, size_t *tlen, uint32_t *ticket_lifetime) { @@ -1410,7 +1410,7 @@ int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, return 0; } -int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, +static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, unsigned char *buf, size_t len) { int ret; @@ -1469,7 +1469,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ -int parse_cipher(char *buf) +static int parse_cipher(char *buf) { if (strcmp(buf, "AES-128-CCM")) { return MBEDTLS_CIPHER_AES_128_CCM; diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 87276b46b6..799a882643 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -12,7 +12,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -void eap_tls_key_derivation(void *p_expkey, +static void eap_tls_key_derivation(void *p_expkey, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, size_t secret_len, @@ -36,7 +36,7 @@ void eap_tls_key_derivation(void *p_expkey, keys->tls_prf_type = tls_prf_type; } -void nss_keylog_export(void *p_expkey, +static void nss_keylog_export(void *p_expkey, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, size_t secret_len, @@ -106,7 +106,7 @@ exit: } #if defined(MBEDTLS_SSL_DTLS_SRTP) -void dtls_srtp_key_derivation(void *p_expkey, +static void dtls_srtp_key_derivation(void *p_expkey, mbedtls_ssl_key_export_type secret_type, const unsigned char *secret, size_t secret_len, @@ -131,7 +131,7 @@ void dtls_srtp_key_derivation(void *p_expkey, } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -int ssl_check_record(mbedtls_ssl_context const *ssl, +static int ssl_check_record(mbedtls_ssl_context const *ssl, unsigned char const *buf, size_t len) { int my_ret = 0, ret_cr1, ret_cr2; @@ -195,7 +195,7 @@ cleanup: return my_ret; } -int recv_cb(void *ctx, unsigned char *buf, size_t len) +static int recv_cb(void *ctx, unsigned char *buf, size_t len) { io_ctx_t *io_ctx = (io_ctx_t *) ctx; size_t recv_len; @@ -223,7 +223,7 @@ int recv_cb(void *ctx, unsigned char *buf, size_t len) return (int) recv_len; } -int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, +static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, uint32_t timeout) { io_ctx_t *io_ctx = (io_ctx_t *) ctx; @@ -248,7 +248,7 @@ int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, return (int) recv_len; } -int send_cb(void *ctx, unsigned char const *buf, size_t len) +static int send_cb(void *ctx, unsigned char const *buf, size_t len) { io_ctx_t *io_ctx = (io_ctx_t *) ctx; @@ -319,7 +319,7 @@ uint16_t ssl_sig_algs_for_test[] = { /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. */ -int x509_crt_verify_info(char *buf, size_t size, const char *prefix, +static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags) { #if !defined(MBEDTLS_X509_REMOVE_INFO) @@ -352,7 +352,7 @@ int x509_crt_verify_info(char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_print_supported_sig_algs(void) +static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); mbedtls_printf("\trsa_pkcs1_sha256 "); diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 75829ecee2..9d90d8cb72 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -76,13 +76,13 @@ void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) = /* Test framework features */ /****************************************************************/ -void meta_test_fail(const char *name) +static void meta_test_fail(const char *name) { (void) name; mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); } -void meta_test_not_equal(const char *name) +static void meta_test_not_equal(const char *name) { int left = 20; int right = 10; @@ -94,7 +94,7 @@ exit: ; } -void meta_test_not_le_s(const char *name) +static void meta_test_not_le_s(const char *name) { int left = 20; int right = 10; @@ -106,7 +106,7 @@ exit: ; } -void meta_test_not_le_u(const char *name) +static void meta_test_not_le_u(const char *name) { size_t left = 20; size_t right = 10; @@ -122,7 +122,7 @@ exit: /* Platform features */ /****************************************************************/ -void null_pointer_dereference(const char *name) +static void null_pointer_dereference(const char *name) { (void) name; volatile char *volatile p; @@ -131,7 +131,7 @@ void null_pointer_dereference(const char *name) mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } -void null_pointer_call(const char *name) +static void null_pointer_call(const char *name) { (void) name; unsigned(*volatile p)(void); @@ -148,7 +148,7 @@ void null_pointer_call(const char *name) /* Memory */ /****************************************************************/ -void read_after_free(const char *name) +static void read_after_free(const char *name) { (void) name; volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); @@ -158,7 +158,7 @@ void read_after_free(const char *name) mbedtls_printf("%u\n", (unsigned) *p); } -void double_free(const char *name) +static void double_free(const char *name) { (void) name; volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); @@ -168,7 +168,7 @@ void double_free(const char *name) free_but_the_compiler_does_not_know((void *) p); } -void read_uninitialized_stack(const char *name) +static void read_uninitialized_stack(const char *name) { (void) name; char buf[1]; @@ -182,7 +182,7 @@ void read_uninitialized_stack(const char *name) } } -void memory_leak(const char *name) +static void memory_leak(const char *name) { (void) name; volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); @@ -196,7 +196,7 @@ void memory_leak(const char *name) * %(start), %(offset) and %(count) are decimal integers. * %(direction) is either the character 'r' for read or 'w' for write. */ -void test_memory_poison(const char *name) +static void test_memory_poison(const char *name) { size_t start = 0, offset = 0, count = 0; char direction = 'r'; @@ -254,7 +254,7 @@ void test_memory_poison(const char *name) /* Threading */ /****************************************************************/ -void mutex_lock_not_initialized(const char *name) +static void mutex_lock_not_initialized(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) @@ -270,7 +270,7 @@ exit: #endif } -void mutex_unlock_not_initialized(const char *name) +static void mutex_unlock_not_initialized(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) @@ -286,7 +286,7 @@ exit: #endif } -void mutex_free_not_initialized(const char *name) +static void mutex_free_not_initialized(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) @@ -300,7 +300,7 @@ void mutex_free_not_initialized(const char *name) #endif } -void mutex_double_init(const char *name) +static void mutex_double_init(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) @@ -315,7 +315,7 @@ void mutex_double_init(const char *name) #endif } -void mutex_double_free(const char *name) +static void mutex_double_free(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) @@ -330,7 +330,7 @@ void mutex_double_free(const char *name) #endif } -void mutex_leak(const char *name) +static void mutex_leak(const char *name) { (void) name; #if defined(MBEDTLS_THREADING_C) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 043209b7ff..e72386f023 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -241,7 +241,7 @@ static void create_entropy_seed_file(void) } #endif -int mbedtls_entropy_self_test_wrapper(int verbose) +static int mbedtls_entropy_self_test_wrapper(int verbose) { #if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) create_entropy_seed_file(); @@ -252,7 +252,7 @@ int mbedtls_entropy_self_test_wrapper(int verbose) #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) +static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) { if (verbose != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index beaa8bd5ea..bf06871319 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -483,7 +483,7 @@ typedef struct { } packet; /* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */ -void print_packet(const packet *p, const char *why) +static void print_packet(const packet *p, const char *why) { #if defined(MBEDTLS_TIMING_C) if (why == NULL) { @@ -527,7 +527,7 @@ typedef enum { static inject_clihlo_state_t inject_clihlo_state; static packet initial_clihlo; -int send_packet(const packet *p, const char *why) +static int send_packet(const packet *p, const char *why) { int ret; mbedtls_net_context *dst = p->dst; @@ -616,13 +616,13 @@ int send_packet(const packet *p, const char *why) static size_t prev_len; static packet prev[MAX_DELAYED_MSG]; -void clear_pending(void) +static void clear_pending(void) { memset(&prev, 0, sizeof(prev)); prev_len = 0; } -void delay_packet(packet *delay) +static void delay_packet(packet *delay) { if (prev_len == MAX_DELAYED_MSG) { return; @@ -631,7 +631,7 @@ void delay_packet(packet *delay) memcpy(&prev[prev_len++], delay, sizeof(packet)); } -int send_delayed(void) +static int send_delayed(void) { uint8_t offset; int ret; @@ -663,7 +663,7 @@ int send_delayed(void) static unsigned char held[2048] = { 0 }; #define HOLD_MAX 2 -int handle_message(const char *way, +static int handle_message(const char *way, mbedtls_net_context *dst, mbedtls_net_context *src) { diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 1e9b98d71e..c1cee0d840 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -23,7 +23,7 @@ #define BUFFER_LEN 1024 -void usage(void) +static void usage(void) { mbedtls_printf("Zeroize is a simple program to assist with testing\n"); mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index d682c2b067..4d63478d75 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -45,7 +45,7 @@ struct options { const char *output_file; /* where to store the output */ } opt; -int convert_pem_to_der(const unsigned char *input, size_t ilen, +static int convert_pem_to_der(const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen) { int ret; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index d14b071271..1482cc1f20 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -107,7 +107,7 @@ struct options { mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; -int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, +static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 8c10498c4f..ec9bf11f7c 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -204,7 +204,7 @@ struct options { int format; /* format */ } opt; -int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, +static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { @@ -249,7 +249,7 @@ int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, return 0; } -int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, +static int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, const char *ibuf, size_t *len) { unsigned long long int dec; diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index f0e6acf25a..d14537fd47 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -48,7 +48,7 @@ struct options { } opt; -int read_certificates(const char *const *filenames) +static int read_certificates(const char *const *filenames) { mbedtls_x509_crt cas; int ret = 0; From 04200937950ae1d76bb92ede3c1ad3717fca0675 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Wed, 12 Jun 2024 00:05:25 +0200 Subject: [PATCH 086/124] Adjust spacing in sample programs Signed-off-by: Michael Schuster --- programs/pkey/gen_key.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_context_info.c | 4 +-- programs/ssl/ssl_server2.c | 20 ++++++------- programs/ssl/ssl_test_common_source.c | 42 +++++++++++++-------------- programs/test/udp_proxy.c | 4 +-- programs/util/pem2der.c | 2 +- programs/x509/cert_req.c | 24 +++++++-------- programs/x509/cert_write.c | 6 ++-- 9 files changed, 53 insertions(+), 53 deletions(-) diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 4ad162978b..83d7b71875 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -40,7 +40,7 @@ int main(void) #define DEV_RANDOM_THRESHOLD 32 static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) + size_t len, size_t *olen) { FILE *file; size_t ret, left = len; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index c95ff8ee99..07b72a6614 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -598,7 +598,7 @@ static int my_verify(void *data, mbedtls_x509_crt *crt, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) + const char *additional_description) { int ret; unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 9577d2b900..51e87817ad 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -248,7 +248,7 @@ static void print_b64(const uint8_t *b, size_t len) * /p prefix prefix for the new lines */ static void print_hex(const uint8_t *b, size_t len, - const size_t in_line, const char *prefix) + const size_t in_line, const char *prefix) { size_t i = 0; const uint8_t *end = b + len; @@ -510,7 +510,7 @@ static void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) * /p session_cfg_flag session configuration flags */ static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, - int session_cfg_flag) + int session_cfg_flag) { const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info; int ciphersuite_id; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 51167b13cb..679956c402 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -879,7 +879,7 @@ error: * SNI callback. */ static int sni_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) + const unsigned char *name, size_t name_len) { const sni_entry *cur = (const sni_entry *) p_info; @@ -1028,7 +1028,7 @@ error: * PSK callback */ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, - const unsigned char *name, size_t name_len) + const unsigned char *name, size_t name_len) { psk_entry *cur = (psk_entry *) p_info; @@ -1106,10 +1106,10 @@ typedef struct { } ssl_async_key_context_t; static int ssl_async_set_key(ssl_async_key_context_t *ctx, - mbedtls_x509_crt *cert, - mbedtls_pk_context *pk, - int pk_take_ownership, - unsigned delay) + mbedtls_x509_crt *cert, + mbedtls_pk_context *pk, + int pk_take_ownership, + unsigned delay) { if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) { return -1; @@ -1333,7 +1333,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, - const char *additional_description) + const char *additional_description) { int ret; unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; @@ -1384,8 +1384,8 @@ static inline void put_unaligned_uint32(void *p, uint32_t x) /* Functions for session ticket tests */ static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, - unsigned char *start, const unsigned char *end, - size_t *tlen, uint32_t *ticket_lifetime) + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *ticket_lifetime) { int ret; unsigned char *p = start; @@ -1411,7 +1411,7 @@ static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session } static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, - unsigned char *buf, size_t len) + unsigned char *buf, size_t len) { int ret; ((void) p_ticket); diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 799a882643..98fae361ae 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -13,12 +13,12 @@ */ static void eap_tls_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type) { eap_tls_keys *keys = (eap_tls_keys *) p_expkey; @@ -37,12 +37,12 @@ static void eap_tls_key_derivation(void *p_expkey, } static void nss_keylog_export(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type) { char nss_keylog_line[200]; size_t const client_random_len = 32; @@ -107,12 +107,12 @@ exit: #if defined(MBEDTLS_SSL_DTLS_SRTP) static void dtls_srtp_key_derivation(void *p_expkey, - mbedtls_ssl_key_export_type secret_type, - const unsigned char *secret, - size_t secret_len, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type) { dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; @@ -132,7 +132,7 @@ static void dtls_srtp_key_derivation(void *p_expkey, #endif /* MBEDTLS_SSL_DTLS_SRTP */ static int ssl_check_record(mbedtls_ssl_context const *ssl, - unsigned char const *buf, size_t len) + unsigned char const *buf, size_t len) { int my_ret = 0, ret_cr1, ret_cr2; unsigned char *tmp_buf; @@ -224,7 +224,7 @@ static int recv_cb(void *ctx, unsigned char *buf, size_t len) } static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) + uint32_t timeout) { io_ctx_t *io_ctx = (io_ctx_t *) ctx; int ret; @@ -320,7 +320,7 @@ uint16_t ssl_sig_algs_for_test[] = { * for more info. */ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, - uint32_t flags) + uint32_t flags) { #if !defined(MBEDTLS_X509_REMOVE_INFO) return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index bf06871319..7213f8aea0 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -664,8 +664,8 @@ static unsigned char held[2048] = { 0 }; #define HOLD_MAX 2 static int handle_message(const char *way, - mbedtls_net_context *dst, - mbedtls_net_context *src) + mbedtls_net_context *dst, + mbedtls_net_context *src) { int ret; packet cur; diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 4d63478d75..177365b87c 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -46,7 +46,7 @@ struct options { } opt; static int convert_pem_to_der(const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen) + unsigned char *output, size_t *olen) { int ret; const unsigned char *s1, *s2, *end = input + ilen; diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1482cc1f20..0dc4c971c7 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -94,22 +94,22 @@ int main(void) * global options */ struct options { - const char *filename; /* filename of the key file */ - const char *password; /* password for the key file */ - int debug_level; /* level of debugging */ + const char *filename; /* filename of the key file */ + const char *password; /* password for the key file */ + int debug_level; /* level of debugging */ const char *output_file; /* where to store the constructed key file */ - const char *subject_name; /* subject name for certificate request */ - mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */ - unsigned char key_usage; /* key usage flags */ - int force_key_usage; /* Force adding the KeyUsage extension */ - unsigned char ns_cert_type; /* NS cert type */ - int force_ns_cert_type; /* Force adding NsCertType extension */ - mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ + const char *subject_name; /* subject name for certificate request */ + mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */ + unsigned char key_usage; /* key usage flags */ + int force_key_usage; /* Force adding the KeyUsage extension */ + unsigned char ns_cert_type; /* NS cert type */ + int force_ns_cert_type; /* Force adding NsCertType extension */ + mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ } opt; static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; FILE *f; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ec9bf11f7c..f57bd35505 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -205,8 +205,8 @@ struct options { } opt; static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; FILE *f; @@ -250,7 +250,7 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil } static int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, - const char *ibuf, size_t *len) + const char *ibuf, size_t *len) { unsigned long long int dec; unsigned int remaining_bytes = sizeof(dec); From 87825ab1b232442ac206b80df857a2688d177ce4 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Mon, 3 Jun 2024 19:45:34 +0200 Subject: [PATCH 087/124] Fix unused-function error for ecjpake_operation_setup in test_suite_psa_crypto.function This function is not referenced anywhere in the whole codebase. Signed-off-by: Michael Schuster --- .../suites/test_suite_psa_crypto.function | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index f6503f7e4d..0d30510a1a 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -39,28 +39,6 @@ #define ASSERT_OPERATION_IS_ACTIVE(operation) TEST_ASSERT(operation.id != 0) #define ASSERT_OPERATION_IS_INACTIVE(operation) TEST_ASSERT(operation.id == 0) -#if defined(PSA_WANT_ALG_JPAKE) -int ecjpake_operation_setup(psa_pake_operation_t *operation, - psa_pake_cipher_suite_t *cipher_suite, - psa_pake_role_t role, - mbedtls_svc_key_id_t key, - size_t key_available) -{ - PSA_ASSERT(psa_pake_abort(operation)); - - PSA_ASSERT(psa_pake_setup(operation, cipher_suite)); - - PSA_ASSERT(psa_pake_set_role(operation, role)); - - if (key_available) { - PSA_ASSERT(psa_pake_set_password_key(operation, key)); - } - return 0; -exit: - return 1; -} -#endif - /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; From 54300d4a4e56cfeb66cd5ee1193de6adab7b9119 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Tue, 4 Jun 2024 02:30:22 +0200 Subject: [PATCH 088/124] Fix missing-prototype errors in tests/suites Signed-off-by: Michael Schuster --- tests/src/test_helpers/ssl_helpers.c | 4 ++-- tests/suites/test_suite_debug.function | 2 +- tests/suites/test_suite_pkcs7.function | 2 +- tests/suites/test_suite_x509parse.function | 24 +++++++++---------- tests/suites/test_suite_x509write.function | 6 ++--- tf-psa-crypto/tests/suites/host_test.function | 8 +++---- tf-psa-crypto/tests/suites/main_test.function | 8 +++---- .../suites/test_suite_alignment.function | 2 +- .../suites/test_suite_asn1parse.function | 2 +- .../suites/test_suite_asn1write.function | 4 ++-- .../tests/suites/test_suite_bignum.function | 2 +- .../tests/suites/test_suite_cipher.function | 2 +- .../tests/suites/test_suite_common.function | 2 +- .../tests/suites/test_suite_ctr_drbg.function | 1 + .../tests/suites/test_suite_dhm.function | 2 +- .../tests/suites/test_suite_entropy.function | 6 ++--- .../tests/suites/test_suite_lmots.function | 2 +- .../tests/suites/test_suite_pk.function | 12 +++++----- .../tests/suites/test_suite_platform.function | 2 +- .../suites/test_suite_psa_crypto.function | 10 ++++---- .../test_suite_psa_crypto_metadata.function | 10 ++++---- ...st_suite_psa_crypto_se_driver_hal.function | 2 +- ...te_psa_crypto_se_driver_hal_mocks.function | 12 +++++----- 23 files changed, 64 insertions(+), 63 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3a1e301665..dd24fea055 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -950,7 +950,7 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, /* * Write application data. Increase write counter if necessary. */ -int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, +static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, int *written, const int expected_fragments) @@ -997,7 +997,7 @@ exit: * Read application data and increase read counter and fragments counter * if necessary. */ -int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, +static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, int *read, int *fragments, const int expected_fragments) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 5cd02b95a2..a71db14eca 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -9,7 +9,7 @@ struct buffer_data { char *ptr; }; -void string_debug(void *data, int level, const char *file, int line, const char *str) +static void string_debug(void *data, int level, const char *file, int line, const char *str) { struct buffer_data *buffer = (struct buffer_data *) data; char *p = buffer->ptr; diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 4c8bf233ef..e5dc4bd192 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -17,7 +17,7 @@ * END_DEPENDENCIES */ /* BEGIN_SUITE_HELPERS */ -int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen) +static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen) { int res; mbedtls_pkcs7 pkcs7; diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index ba71c8f80c..e72a6e377e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -60,7 +60,7 @@ const mbedtls_x509_crt_profile profile_sha512 = 1024, }; -int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) +static int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { ((void) data); ((void) crt); @@ -70,7 +70,7 @@ int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32 return 0; } -int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) +static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { ((void) data); ((void) crt); @@ -81,7 +81,7 @@ int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_ } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) +static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) { ((void) data); ((void) child); @@ -90,7 +90,7 @@ int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt return -1; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -int ca_callback(void *data, mbedtls_x509_crt const *child, +static int ca_callback(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) { int ret = 0; @@ -141,7 +141,7 @@ exit: #endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) +static int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { int *levels = (int *) data; @@ -158,7 +158,7 @@ int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint3 } /* strsep() not available on Windows */ -char *mystrsep(char **stringp, const char *delim) +static char *mystrsep(char **stringp, const char *delim) { const char *p; char *ret = *stringp; @@ -192,13 +192,13 @@ typedef struct { char *p; } verify_print_context; -void verify_print_init(verify_print_context *ctx) +static void verify_print_init(verify_print_context *ctx) { memset(ctx, 0, sizeof(verify_print_context)); ctx->p = ctx->buf; } -int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) +static int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { int ret; verify_print_context *ctx = (verify_print_context *) data; @@ -226,7 +226,7 @@ int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint3 return 0; } -int verify_parse_san(mbedtls_x509_subject_alternative_name *san, +static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, char **buf, size_t *size) { int ret; @@ -317,7 +317,7 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san, return 0; } -int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, +static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) { (void) crt; @@ -417,7 +417,7 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_X509_CSR_PARSE_C) -int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, +static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; @@ -430,7 +430,7 @@ int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x5 return 0; } -int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, +static int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 1db7e1cff2..820b48dfe8 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -11,14 +11,14 @@ #include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) -int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, +static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) { return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len); } -int mbedtls_rsa_sign_func(void *ctx, +static int mbedtls_rsa_sign_func(void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) @@ -26,7 +26,7 @@ int mbedtls_rsa_sign_func(void *ctx, return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, md_alg, hashlen, hash, sig); } -size_t mbedtls_rsa_key_len_func(void *ctx) +static size_t mbedtls_rsa_key_len_func(void *ctx) { return ((const mbedtls_rsa_context *) ctx)->len; } diff --git a/tf-psa-crypto/tests/suites/host_test.function b/tf-psa-crypto/tests/suites/host_test.function index eb42a07eba..d28a75e077 100644 --- a/tf-psa-crypto/tests/suites/host_test.function +++ b/tf-psa-crypto/tests/suites/host_test.function @@ -8,7 +8,7 @@ * * \return 0 if success else 1 */ -int verify_string(char **str) +static int verify_string(char **str) { if ((*str)[0] != '"' || (*str)[strlen(*str) - 1] != '"') { @@ -32,7 +32,7 @@ int verify_string(char **str) * * \return 0 if success else 1 */ -int verify_int(char *str, intmax_t *p_value) +static int verify_int(char *str, intmax_t *p_value) { char *end = NULL; errno = 0; @@ -80,7 +80,7 @@ int verify_int(char *str, intmax_t *p_value) * * \return 0 if success else -1 */ -int get_line(FILE *f, char *buf, size_t len) +static int get_line(FILE *f, char *buf, size_t len) { char *ret; int i = 0, str_len = 0, has_string = 0; @@ -485,7 +485,7 @@ static void try_chdir_if_supported(const char *argv0) * * \return Program exit status. */ -int execute_tests(int argc, const char **argv) +static int execute_tests(int argc, const char **argv) { /* Local Configurations and options */ const char *default_filename = "DATA_FILE"; diff --git a/tf-psa-crypto/tests/suites/main_test.function b/tf-psa-crypto/tests/suites/main_test.function index f327a03783..c0cc2ac50b 100644 --- a/tf-psa-crypto/tests/suites/main_test.function +++ b/tf-psa-crypto/tests/suites/main_test.function @@ -69,7 +69,7 @@ __MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE * * \return 0 if exp_id is found. 1 otherwise. */ -int get_expression(int32_t exp_id, intmax_t *out_value) +static int get_expression(int32_t exp_id, intmax_t *out_value) { int ret = KEY_VALUE_MAPPING_FOUND; @@ -100,7 +100,7 @@ int get_expression(int32_t exp_id, intmax_t *out_value) * * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED */ -int dep_check(int dep_id) +static int dep_check(int dep_id) { int ret = DEPENDENCY_NOT_SUPPORTED; @@ -155,7 +155,7 @@ TestWrapper_t test_funcs[] = * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int dispatch_test(size_t func_idx, void **params) +static int dispatch_test(size_t func_idx, void **params) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; @@ -193,7 +193,7 @@ int dispatch_test(size_t func_idx, void **params) * DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ -int check_test(size_t func_idx) +static int check_test(size_t func_idx) { int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; diff --git a/tf-psa-crypto/tests/suites/test_suite_alignment.function b/tf-psa-crypto/tests/suites/test_suite_alignment.function index 842101fc92..240f55211e 100644 --- a/tf-psa-crypto/tests/suites/test_suite_alignment.function +++ b/tf-psa-crypto/tests/suites/test_suite_alignment.function @@ -10,7 +10,7 @@ /* * Convert a string of the form "abcd" (case-insensitive) to a uint64_t. */ -int parse_hex_string(char *hex_string, uint64_t *result) +static int parse_hex_string(char *hex_string, uint64_t *result) { uint8_t raw[8] = { 0 }; size_t olen; diff --git a/tf-psa-crypto/tests/suites/test_suite_asn1parse.function b/tf-psa-crypto/tests/suites/test_suite_asn1parse.function index 01a091b06c..394d08a27b 100644 --- a/tf-psa-crypto/tests/suites/test_suite_asn1parse.function +++ b/tf-psa-crypto/tests/suites/test_suite_asn1parse.function @@ -122,7 +122,7 @@ exit: return ERR_PARSE_INCONSISTENCY; } -int get_len_step(const data_t *input, size_t buffer_size, +static int get_len_step(const data_t *input, size_t buffer_size, size_t actual_length) { unsigned char *buf = NULL; diff --git a/tf-psa-crypto/tests/suites/test_suite_asn1write.function b/tf-psa-crypto/tests/suites/test_suite_asn1write.function index 469b971c7d..d332485910 100644 --- a/tf-psa-crypto/tests/suites/test_suite_asn1write.function +++ b/tf-psa-crypto/tests/suites/test_suite_asn1write.function @@ -12,7 +12,7 @@ typedef struct { size_t size; } generic_write_data_t; -int generic_write_start_step(generic_write_data_t *data) +static int generic_write_start_step(generic_write_data_t *data) { mbedtls_test_set_step(data->size); mbedtls_free(data->output); @@ -26,7 +26,7 @@ exit: return 0; } -int generic_write_finish_step(generic_write_data_t *data, +static int generic_write_finish_step(generic_write_data_t *data, const data_t *expected, int ret) { int ok = 0; diff --git a/tf-psa-crypto/tests/suites/test_suite_bignum.function b/tf-psa-crypto/tests/suites/test_suite_bignum.function index f3a64e1837..22a637a504 100644 --- a/tf-psa-crypto/tests/suites/test_suite_bignum.function +++ b/tf-psa-crypto/tests/suites/test_suite_bignum.function @@ -44,7 +44,7 @@ typedef struct mbedtls_test_mpi_random { * test) are stored in the data member of the state structure. Each number is in * the format that mbedtls_mpi_read_string understands and is chunk_len long. */ -int mbedtls_test_mpi_miller_rabin_determinizer(void *state, +static int mbedtls_test_mpi_miller_rabin_determinizer(void *state, unsigned char *buf, size_t len) { diff --git a/tf-psa-crypto/tests/suites/test_suite_cipher.function b/tf-psa-crypto/tests/suites/test_suite_cipher.function index 8e49d2d3b5..040c35ca58 100644 --- a/tf-psa-crypto/tests/suites/test_suite_cipher.function +++ b/tf-psa-crypto/tests/suites/test_suite_cipher.function @@ -129,7 +129,7 @@ exit: * return 1 if it is, * 0 if it isn't. */ -int buffer_is_all_zero(const uint8_t *buf, size_t size) +static int buffer_is_all_zero(const uint8_t *buf, size_t size) { for (size_t i = 0; i < size; i++) { if (buf[i] != 0) { diff --git a/tf-psa-crypto/tests/suites/test_suite_common.function b/tf-psa-crypto/tests/suites/test_suite_common.function index 5c5700c25b..c508b11998 100644 --- a/tf-psa-crypto/tests/suites/test_suite_common.function +++ b/tf-psa-crypto/tests/suites/test_suite_common.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include "common.h" -void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n) +static void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n) { for (size_t i = 0; i < n; i++) { a[i] = (unsigned char) i * 3; diff --git a/tf-psa-crypto/tests/suites/test_suite_ctr_drbg.function b/tf-psa-crypto/tests/suites/test_suite_ctr_drbg.function index 720eb3e08d..9fa55a754b 100644 --- a/tf-psa-crypto/tests/suites/test_suite_ctr_drbg.function +++ b/tf-psa-crypto/tests/suites/test_suite_ctr_drbg.function @@ -96,6 +96,7 @@ exit: } static const int thread_random_reps = 10; +void *thread_random_function(void *ctx); /* only used conditionally in ctr_drbg_threads */ void *thread_random_function(void *ctx) { unsigned char out[16]; diff --git a/tf-psa-crypto/tests/suites/test_suite_dhm.function b/tf-psa-crypto/tests/suites/test_suite_dhm.function index 20905940ba..a7b4b407b0 100644 --- a/tf-psa-crypto/tests/suites/test_suite_dhm.function +++ b/tf-psa-crypto/tests/suites/test_suite_dhm.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/dhm.h" -int check_get_value(const mbedtls_dhm_context *ctx, +static int check_get_value(const mbedtls_dhm_context *ctx, mbedtls_dhm_parameter param, const mbedtls_mpi *expected) { diff --git a/tf-psa-crypto/tests/suites/test_suite_entropy.function b/tf-psa-crypto/tests/suites/test_suite_entropy.function index 5ac65fcf5e..c89c26c637 100644 --- a/tf-psa-crypto/tests/suites/test_suite_entropy.function +++ b/tf-psa-crypto/tests/suites/test_suite_entropy.function @@ -65,7 +65,7 @@ static void entropy_clear_sources(mbedtls_entropy_context *ctx) */ static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; -int buffer_nv_seed_read(unsigned char *buf, size_t buf_len) +static int buffer_nv_seed_read(unsigned char *buf, size_t buf_len) { if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) { return -1; @@ -75,7 +75,7 @@ int buffer_nv_seed_read(unsigned char *buf, size_t buf_len) return 0; } -int buffer_nv_seed_write(unsigned char *buf, size_t buf_len) +static int buffer_nv_seed_write(unsigned char *buf, size_t buf_len) { if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) { return -1; @@ -111,7 +111,7 @@ static int write_nv_seed(unsigned char *buf, size_t buf_len) return 0; } -int read_nv_seed(unsigned char *buf, size_t buf_len) +static int read_nv_seed(unsigned char *buf, size_t buf_len) { FILE *f; diff --git a/tf-psa-crypto/tests/suites/test_suite_lmots.function b/tf-psa-crypto/tests/suites/test_suite_lmots.function index c81501c4d5..cfc0d3c122 100644 --- a/tf-psa-crypto/tests/suites/test_suite_lmots.function +++ b/tf-psa-crypto/tests/suites/test_suite_lmots.function @@ -3,7 +3,7 @@ #include "mbedtls/lms.h" #if defined(MBEDTLS_TEST_HOOKS) -int check_lmots_private_key_for_leak(unsigned char *sig) +static int check_lmots_private_key_for_leak(unsigned char *sig) { size_t idx; diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.function b/tf-psa-crypto/tests/suites/test_suite_pk.function index f91001bb59..724bc8b097 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.function +++ b/tf-psa-crypto/tests/suites/test_suite_pk.function @@ -221,7 +221,7 @@ exit: } #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) -psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, +static psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, psa_key_type_t type, psa_key_usage_t usage, psa_algorithm_t alg, mbedtls_svc_key_id_t *key) { @@ -320,7 +320,7 @@ exit: * for volatile keys. * \param[out] key Identifier of the "generated" (actually imported) PSA key. */ -psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, +static psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, psa_key_usage_t usage, psa_algorithm_t alg, psa_algorithm_t enrollment_alg, mbedtls_svc_key_id_t persistent_key_id, @@ -468,7 +468,7 @@ exit: #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #if defined(MBEDTLS_RSA_C) -int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, +static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) { @@ -476,7 +476,7 @@ int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, mbedtls_test_rnd_std_rand, NULL, olen, input, output, output_max_len); } -int mbedtls_rsa_sign_func(void *ctx, +static int mbedtls_rsa_sign_func(void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig) @@ -487,7 +487,7 @@ int mbedtls_rsa_sign_func(void *ctx, mbedtls_test_rnd_std_rand, NULL, md_alg, hashlen, hash, sig); } -size_t mbedtls_rsa_key_len_func(void *ctx) +static size_t mbedtls_rsa_key_len_func(void *ctx) { return ((const mbedtls_rsa_context *) ctx)->len; } @@ -618,7 +618,7 @@ exit: /* Create a copy of a PSA key with same usage and algorithm policy and destroy * the original one. */ -mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) +static mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) { psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT; diff --git a/tf-psa-crypto/tests/suites/test_suite_platform.function b/tf-psa-crypto/tests/suites/test_suite_platform.function index c65d011f0f..5d49e52e45 100644 --- a/tf-psa-crypto/tests/suites/test_suite_platform.function +++ b/tf-psa-crypto/tests/suites/test_suite_platform.function @@ -18,7 +18,7 @@ #else #include #endif -void sleep_ms(int milliseconds) +static void sleep_ms(int milliseconds) { #if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \ defined(__MINGW32__) || defined(_WIN64) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index 0d30510a1a..c941282683 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -153,7 +153,7 @@ static int construct_fake_rsa_key(unsigned char *buffer, } #endif /* MBEDTLS_ASN1_WRITE_C */ -int exercise_mac_setup(psa_key_type_t key_type, +static int exercise_mac_setup(psa_key_type_t key_type, const unsigned char *key_bytes, size_t key_length, psa_algorithm_t alg, @@ -185,7 +185,7 @@ exit: return 0; } -int exercise_cipher_setup(psa_key_type_t key_type, +static int exercise_cipher_setup(psa_key_type_t key_type, const unsigned char *key_bytes, size_t key_length, psa_algorithm_t alg, @@ -1308,7 +1308,7 @@ same_key_context; /* Attempt to import the key in ctx. This handles any valid error codes * and reports an error for any invalid codes. This function also insures * that once imported by some thread, all threads can use the key. */ -void *thread_import_key(void *ctx) +static void *thread_import_key(void *ctx) { mbedtls_svc_key_id_t returned_key_id; same_key_context *skc = (struct same_key_context *) ctx; @@ -1382,7 +1382,7 @@ exit: return NULL; } -void *thread_use_and_destroy_key(void *ctx) +static void *thread_use_and_destroy_key(void *ctx) { same_key_context *skc = (struct same_key_context *) ctx; @@ -1422,7 +1422,7 @@ typedef struct generate_key_context { int reps; } generate_key_context; -void *thread_generate_key(void *ctx) +static void *thread_generate_key(void *ctx) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function index b51f2a28b7..d299794323 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function @@ -106,7 +106,7 @@ * The expected parity is even so that 0 is considered a valid encoding. * * Return a nonzero value if value has even parity and 0 otherwise. */ -int has_even_parity(uint32_t value) +static int has_even_parity(uint32_t value) { value ^= value >> 16; value ^= value >> 8; @@ -116,7 +116,7 @@ int has_even_parity(uint32_t value) #define TEST_PARITY(value) \ TEST_ASSERT(has_even_parity(value)) -void algorithm_classification(psa_algorithm_t alg, unsigned flags) +static void algorithm_classification(psa_algorithm_t alg, unsigned flags) { unsigned classification_flags_tested = 0; TEST_CLASSIFICATION_MACRO(1, ALG_IS_VENDOR_DEFINED, alg, flags); @@ -155,7 +155,7 @@ void algorithm_classification(psa_algorithm_t alg, unsigned flags) exit:; } -void key_type_classification(psa_key_type_t type, unsigned flags) +static void key_type_classification(psa_key_type_t type, unsigned flags) { unsigned classification_flags_tested = 0; @@ -192,7 +192,7 @@ void key_type_classification(psa_key_type_t type, unsigned flags) exit:; } -void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, +static void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, psa_key_type_t key_type, size_t key_bits, size_t length) { @@ -218,7 +218,7 @@ void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, exit:; } -void aead_algorithm_core(psa_algorithm_t alg, int classification_flags, +static void aead_algorithm_core(psa_algorithm_t alg, int classification_flags, psa_key_type_t key_type, size_t key_bits, size_t tag_length) { diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 37a72d9d75..96be55bcda 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -599,7 +599,7 @@ exit: * If this changes, the storage format version must change. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. */ -psa_storage_uid_t file_uid_for_location(psa_key_location_t location) +static psa_storage_uid_t file_uid_for_location(psa_key_location_t location) { if (location > PSA_MAX_SE_LOCATION) { return 0; diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index b6d3a3487d..9480bd4296 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -162,7 +162,7 @@ static psa_status_t mock_import(psa_drv_se_context_t *drv_context, return mock_import_data.return_value; } -psa_status_t mock_export(psa_drv_se_context_t *context, +static psa_status_t mock_export(psa_drv_se_context_t *context, psa_key_slot_number_t slot_number, uint8_t *p_data, size_t data_size, @@ -179,7 +179,7 @@ psa_status_t mock_export(psa_drv_se_context_t *context, return mock_export_data.return_value; } -psa_status_t mock_export_public(psa_drv_se_context_t *context, +static psa_status_t mock_export_public(psa_drv_se_context_t *context, psa_key_slot_number_t slot_number, uint8_t *p_data, size_t data_size, @@ -196,7 +196,7 @@ psa_status_t mock_export_public(psa_drv_se_context_t *context, return mock_export_public_data.return_value; } -psa_status_t mock_sign(psa_drv_se_context_t *context, +static psa_status_t mock_sign(psa_drv_se_context_t *context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, @@ -219,7 +219,7 @@ psa_status_t mock_sign(psa_drv_se_context_t *context, return mock_sign_data.return_value; } -psa_status_t mock_verify(psa_drv_se_context_t *context, +static psa_status_t mock_verify(psa_drv_se_context_t *context, psa_key_slot_number_t key_slot, psa_algorithm_t alg, const uint8_t *p_hash, @@ -240,7 +240,7 @@ psa_status_t mock_verify(psa_drv_se_context_t *context, return mock_verify_data.return_value; } -psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, +static psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, void *persistent_data, const psa_key_attributes_t *attributes, psa_key_creation_method_t method, @@ -258,7 +258,7 @@ psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, return mock_allocate_data.return_value; } -psa_status_t mock_destroy(psa_drv_se_context_t *context, +static psa_status_t mock_destroy(psa_drv_se_context_t *context, void *persistent_data, psa_key_slot_number_t slot_number) { From bd89b791a42c76b14bc0f5ac8d719e242db58834 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Tue, 4 Jun 2024 02:41:10 +0200 Subject: [PATCH 089/124] Adjust spacing in tests/suites function sources Signed-off-by: Michael Schuster --- tests/src/test_helpers/ssl_helpers.c | 12 ++-- tests/suites/test_suite_ssl.function | 16 +++--- tests/suites/test_suite_x509parse.function | 10 ++-- tests/suites/test_suite_x509write.function | 10 ++-- tf-psa-crypto/tests/suites/helpers.function | 4 +- .../suites/test_suite_asn1parse.function | 2 +- .../suites/test_suite_asn1write.function | 2 +- .../tests/suites/test_suite_bignum.function | 4 +- .../tests/suites/test_suite_dhm.function | 4 +- .../tests/suites/test_suite_pk.function | 22 ++++---- .../suites/test_suite_psa_crypto.function | 32 +++++------ .../test_suite_psa_crypto_metadata.function | 20 +++---- .../test_suite_psa_crypto_op_fail.function | 8 +-- .../test_suite_psa_crypto_pake.function | 34 +++++------ ...st_suite_psa_crypto_se_driver_hal.function | 52 ++++++++--------- ...te_psa_crypto_se_driver_hal_mocks.function | 56 +++++++++---------- .../tests/suites/test_suite_psa_its.function | 10 ++-- 17 files changed, 149 insertions(+), 149 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dd24fea055..44e07efb63 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -951,9 +951,9 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, * Write application data. Increase write counter if necessary. */ static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *written, - const int expected_fragments) + unsigned char *buf, int buf_len, + int *written, + const int expected_fragments) { int ret; /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is @@ -998,9 +998,9 @@ exit: * if necessary. */ static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, - unsigned char *buf, int buf_len, - int *read, int *fragments, - const int expected_fragments) + unsigned char *buf, int buf_len, + int *read, int *fragments, + const int expected_fragments) { int ret; /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8da8ed605e..2015215ab5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1623,11 +1623,11 @@ void ssl_tls13_derive_secret(int hash_alg, unsigned char const *lbl = NULL; size_t lbl_len; -#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ - if (label_idx == (int) tls13_label_ ## name) \ +#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ + if (label_idx == (int) tls13_label_ ## name) \ { \ lbl = mbedtls_ssl_tls13_labels.name; \ - lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ + lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ } MBEDTLS_SSL_TLS1_3_LABEL_LIST #undef MBEDTLS_SSL_TLS1_3_LABEL @@ -1667,7 +1667,7 @@ void ssl_tls13_derive_early_secrets(int hash_alg, /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && + TEST_ASSERT(PSA_ALG_IS_HASH(alg) && secret->len == hash_len && transcript->len == hash_len && traffic_expected->len == hash_len && @@ -1701,7 +1701,7 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg, /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && + TEST_ASSERT(PSA_ALG_IS_HASH(alg) && secret->len == hash_len && transcript->len == hash_len && client_expected->len == hash_len && @@ -1736,7 +1736,7 @@ void ssl_tls13_derive_application_secrets(int hash_alg, /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && + TEST_ASSERT(PSA_ALG_IS_HASH(alg) && secret->len == hash_len && transcript->len == hash_len && client_expected->len == hash_len && @@ -1772,7 +1772,7 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg, /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && + TEST_ASSERT(PSA_ALG_IS_HASH(alg) && secret->len == hash_len && transcript->len == hash_len && resumption_expected->len == hash_len); @@ -1803,7 +1803,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; size_t const hash_len = PSA_HASH_LENGTH(alg); - TEST_ASSERT(PSA_ALG_IS_HASH(alg) && + TEST_ASSERT(PSA_ALG_IS_HASH(alg) && transcript->len == hash_len && binder_expected->len == hash_len); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index e72a6e377e..fbc4fbcd0b 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -91,7 +91,7 @@ static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x } #if defined(MBEDTLS_X509_CRT_PARSE_C) static int ca_callback(void *data, mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidates) + mbedtls_x509_crt **candidates) { int ret = 0; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; @@ -227,7 +227,7 @@ static int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth } static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, - char **buf, size_t *size) + char **buf, size_t *size) { int ret; size_t i; @@ -318,7 +318,7 @@ static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, } static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) + int critical, const unsigned char *cp, const unsigned char *end) { (void) crt; (void) critical; @@ -418,7 +418,7 @@ static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x5 #if defined(MBEDTLS_X509_CSR_PARSE_C) static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) + int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; (void) csr; @@ -431,7 +431,7 @@ static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbe } static int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) + int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; (void) csr; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 820b48dfe8..901a88ad0a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -12,16 +12,16 @@ #if defined(MBEDTLS_RSA_C) static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len) + const unsigned char *input, unsigned char *output, + size_t output_max_len) { return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, olen, input, output, output_max_len); } static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig) { return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, md_alg, hashlen, hash, sig); diff --git a/tf-psa-crypto/tests/suites/helpers.function b/tf-psa-crypto/tests/suites/helpers.function index b5f5796e42..b561f4766a 100644 --- a/tf-psa-crypto/tests/suites/helpers.function +++ b/tf-psa-crypto/tests/suites/helpers.function @@ -55,8 +55,8 @@ /* Indicates whether we expect mbedtls_entropy_init * to initialize some strong entropy source. */ #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ - (!defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ - defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + (!defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ defined(ENTROPY_NV_SEED)) #define ENTROPY_HAVE_STRONG #endif diff --git a/tf-psa-crypto/tests/suites/test_suite_asn1parse.function b/tf-psa-crypto/tests/suites/test_suite_asn1parse.function index 394d08a27b..123da5a784 100644 --- a/tf-psa-crypto/tests/suites/test_suite_asn1parse.function +++ b/tf-psa-crypto/tests/suites/test_suite_asn1parse.function @@ -123,7 +123,7 @@ exit: } static int get_len_step(const data_t *input, size_t buffer_size, - size_t actual_length) + size_t actual_length) { unsigned char *buf = NULL; unsigned char *p = NULL; diff --git a/tf-psa-crypto/tests/suites/test_suite_asn1write.function b/tf-psa-crypto/tests/suites/test_suite_asn1write.function index d332485910..f5fc025f7d 100644 --- a/tf-psa-crypto/tests/suites/test_suite_asn1write.function +++ b/tf-psa-crypto/tests/suites/test_suite_asn1write.function @@ -27,7 +27,7 @@ exit: } static int generic_write_finish_step(generic_write_data_t *data, - const data_t *expected, int ret) + const data_t *expected, int ret) { int ok = 0; diff --git a/tf-psa-crypto/tests/suites/test_suite_bignum.function b/tf-psa-crypto/tests/suites/test_suite_bignum.function index 22a637a504..7cbbbe87f7 100644 --- a/tf-psa-crypto/tests/suites/test_suite_bignum.function +++ b/tf-psa-crypto/tests/suites/test_suite_bignum.function @@ -45,8 +45,8 @@ typedef struct mbedtls_test_mpi_random { * the format that mbedtls_mpi_read_string understands and is chunk_len long. */ static int mbedtls_test_mpi_miller_rabin_determinizer(void *state, - unsigned char *buf, - size_t len) + unsigned char *buf, + size_t len) { mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; diff --git a/tf-psa-crypto/tests/suites/test_suite_dhm.function b/tf-psa-crypto/tests/suites/test_suite_dhm.function index a7b4b407b0..bb64ef320f 100644 --- a/tf-psa-crypto/tests/suites/test_suite_dhm.function +++ b/tf-psa-crypto/tests/suites/test_suite_dhm.function @@ -2,8 +2,8 @@ #include "mbedtls/dhm.h" static int check_get_value(const mbedtls_dhm_context *ctx, - mbedtls_dhm_parameter param, - const mbedtls_mpi *expected) + mbedtls_dhm_parameter param, + const mbedtls_mpi *expected) { mbedtls_mpi actual; int ok = 0; diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.function b/tf-psa-crypto/tests/suites/test_suite_pk.function index 724bc8b097..3f1894afe9 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.function +++ b/tf-psa-crypto/tests/suites/test_suite_pk.function @@ -222,8 +222,8 @@ exit: #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) static psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, - psa_key_type_t type, psa_key_usage_t usage, - psa_algorithm_t alg, mbedtls_svc_key_id_t *key) + psa_key_type_t type, psa_key_usage_t usage, + psa_algorithm_t alg, mbedtls_svc_key_id_t *key) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; @@ -321,10 +321,10 @@ exit: * \param[out] key Identifier of the "generated" (actually imported) PSA key. */ static psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, - psa_key_usage_t usage, psa_algorithm_t alg, - psa_algorithm_t enrollment_alg, - mbedtls_svc_key_id_t persistent_key_id, - mbedtls_svc_key_id_t *key) + psa_key_usage_t usage, psa_algorithm_t alg, + psa_algorithm_t enrollment_alg, + mbedtls_svc_key_id_t persistent_key_id, + mbedtls_svc_key_id_t *key) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -469,17 +469,17 @@ exit: #if defined(MBEDTLS_RSA_C) static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len) + const unsigned char *input, unsigned char *output, + size_t output_max_len) { return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, olen, input, output, output_max_len); } static int mbedtls_rsa_sign_func(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig) { ((void) f_rng); ((void) p_rng); diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index c941282683..99649a691f 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -154,11 +154,11 @@ static int construct_fake_rsa_key(unsigned char *buffer, #endif /* MBEDTLS_ASN1_WRITE_C */ static int exercise_mac_setup(psa_key_type_t key_type, - const unsigned char *key_bytes, - size_t key_length, - psa_algorithm_t alg, - psa_mac_operation_t *operation, - psa_status_t *status) + const unsigned char *key_bytes, + size_t key_length, + psa_algorithm_t alg, + psa_mac_operation_t *operation, + psa_status_t *status) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -186,11 +186,11 @@ exit: } static int exercise_cipher_setup(psa_key_type_t key_type, - const unsigned char *key_bytes, - size_t key_length, - psa_algorithm_t alg, - psa_cipher_operation_t *operation, - psa_status_t *status) + const unsigned char *key_bytes, + size_t key_length, + psa_algorithm_t alg, + psa_cipher_operation_t *operation, + psa_status_t *status) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -263,14 +263,14 @@ exit: /* Assert that a key isn't reported as having a slot number. */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) #define ASSERT_NO_SLOT_NUMBER(attributes) \ - do \ - { \ - psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ - TEST_EQUAL(psa_get_key_slot_number( \ - attributes, \ + do \ + { \ + psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ + TEST_EQUAL(psa_get_key_slot_number( \ + attributes, \ &ASSERT_NO_SLOT_NUMBER_slot_number), \ PSA_ERROR_INVALID_ARGUMENT); \ - } \ + } \ while (0) #else /* MBEDTLS_PSA_CRYPTO_SE_C */ #define ASSERT_NO_SLOT_NUMBER(attributes) \ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function index d299794323..3b5bf66cdb 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.function @@ -80,17 +80,17 @@ * Unconditionally mask flag into the ambient variable * classification_flags_tested. */ -#define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \ +#define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \ do \ { \ - if (cond) \ + if (cond) \ { \ - if ((flags) & (flag)) \ - TEST_ASSERT(PSA_##flag(alg)); \ + if ((flags) & (flag)) \ + TEST_ASSERT(PSA_##flag(alg)); \ else \ - TEST_ASSERT(!PSA_##flag(alg)); \ + TEST_ASSERT(!PSA_##flag(alg)); \ } \ - classification_flags_tested |= (flag); \ + classification_flags_tested |= (flag); \ } \ while (0) @@ -193,8 +193,8 @@ exit:; } static void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, - psa_key_type_t key_type, size_t key_bits, - size_t length) + psa_key_type_t key_type, size_t key_bits, + size_t length) { /* Algorithm classification */ TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); @@ -219,8 +219,8 @@ exit:; } static void aead_algorithm_core(psa_algorithm_t alg, int classification_flags, - psa_key_type_t key_type, size_t key_bits, - size_t tag_length) + psa_key_type_t key_type, size_t key_bits, + size_t tag_length) { /* Algorithm classification */ TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function index 9878237211..928986933a 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function @@ -27,11 +27,11 @@ static int test_equal_status(const char *test, * run, it would be better to clarify the expectations and reconcile the * library and the test case generator. */ -#define TEST_STATUS(expr1, expr2) \ - do { \ +#define TEST_STATUS(expr1, expr2) \ + do { \ if (!test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \ - expr1, expr2)) \ - goto exit; \ + expr1, expr2)) \ + goto exit; \ } while (0) /* END_HEADER */ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_pake.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_pake.function index 1cc69a73aa..08c88a1d6e 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_pake.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_pake.function @@ -71,9 +71,9 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; * we're corrupting. */ #define DO_ROUND_CONDITIONAL_INJECT(this_stage, buf) \ - if (this_stage == err_stage) \ - { \ - *(buf + 7) ^= 1; \ + if (this_stage == err_stage) \ + { \ + *(buf + 7) ^= 1; \ } #define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \ @@ -84,20 +84,20 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; } #define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \ - { \ - step_offset = main_buf_offset; \ - main_buf_offset += step_size; \ + { \ + step_offset = main_buf_offset; \ + main_buf_offset += step_size; \ } -#define DO_ROUND_CHECK_FAILURE() \ - if (err_stage != ERR_NONE && status != PSA_SUCCESS) \ +#define DO_ROUND_CHECK_FAILURE() \ + if (err_stage != ERR_NONE && status != PSA_SUCCESS) \ { \ - TEST_EQUAL(status, expected_error_arg); \ + TEST_EQUAL(status, expected_error_arg); \ break; \ } \ else \ { \ - TEST_EQUAL(status, PSA_SUCCESS); \ + TEST_EQUAL(status, PSA_SUCCESS); \ } #if defined(PSA_WANT_ALG_JPAKE) @@ -550,15 +550,15 @@ exit: * - terminated with failure otherwise (either no error was expected at this * stage or a different error code was expected) */ -#define SETUP_ALWAYS_CHECK_STEP(test_function, this_check_err_stage) \ +#define SETUP_ALWAYS_CHECK_STEP(test_function, this_check_err_stage) \ status = test_function; \ - if (err_stage != this_check_err_stage) \ + if (err_stage != this_check_err_stage) \ { \ - PSA_ASSERT(status); \ + PSA_ASSERT(status); \ } \ else \ { \ - TEST_EQUAL(status, expected_error); \ + TEST_EQUAL(status, expected_error); \ goto exit; \ } @@ -572,10 +572,10 @@ exit: * The test succeeds if the returned error is exactly the expected one, * otherwise it fails. */ -#define SETUP_CONDITIONAL_CHECK_STEP(test_function, this_check_err_stage) \ - if (err_stage == this_check_err_stage) \ +#define SETUP_CONDITIONAL_CHECK_STEP(test_function, this_check_err_stage) \ + if (err_stage == this_check_err_stage) \ { \ - TEST_EQUAL(test_function, expected_error); \ + TEST_EQUAL(test_function, expected_error); \ goto exit; \ } /* END_HEADER */ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 96be55bcda..66d2a4eb99 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -14,8 +14,8 @@ #endif /* Same in library/psa_crypto.c */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) #define BUILTIN_ALG_ANY_HKDF 1 #endif @@ -36,11 +36,11 @@ /** The location and lifetime used for tests that use a single driver. */ #define TEST_DRIVER_LOCATION 1 -#define TEST_SE_PERSISTENT_LIFETIME \ +#define TEST_SE_PERSISTENT_LIFETIME \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION)) -#define TEST_SE_VOLATILE_LIFETIME \ +#define TEST_SE_VOLATILE_LIFETIME \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)) @@ -54,13 +54,13 @@ * * Use this macro to assert on guarantees provided by the core. */ -#define DRIVER_ASSERT_RETURN(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ - return PSA_ERROR_DETECTED_BY_DRIVER; \ - } \ +#define DRIVER_ASSERT_RETURN(TEST) \ + do { \ + if (!(TEST)) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ + return PSA_ERROR_DETECTED_BY_DRIVER; \ + } \ } while (0) /** Like #TEST_ASSERT for use in a driver method, with cleanup. @@ -70,14 +70,14 @@ * * Use this macro to assert on guarantees provided by the core. */ -#define DRIVER_ASSERT(TEST) \ - do { \ - if (!(TEST)) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ +#define DRIVER_ASSERT(TEST) \ + do { \ + if (!(TEST)) \ + { \ + mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ status = PSA_ERROR_DETECTED_BY_DRIVER; \ goto exit; \ - } \ + } \ } while (0) /** Like #PSA_ASSERT for a PSA API call that calls a driver underneath. @@ -91,16 +91,16 @@ * case, the test driver code is expected to have called mbedtls_test_fail() * already, so we make sure not to overwrite the failure information. */ -#define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \ - do { \ - psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \ - if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \ - goto exit; \ - if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \ - { \ +#define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \ + do { \ + psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \ + if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \ + goto exit; \ + if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \ + { \ mbedtls_test_fail( #expr, __LINE__, __FILE__); \ - goto exit; \ - } \ + goto exit; \ + } \ } while (0) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 9480bd4296..efd24e9f29 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -6,7 +6,7 @@ /** The location and lifetime used for tests that use a single driver. */ #define TEST_DRIVER_LOCATION 1 -#define TEST_SE_PERSISTENT_LIFETIME \ +#define TEST_SE_PERSISTENT_LIFETIME \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION)) @@ -163,10 +163,10 @@ static psa_status_t mock_import(psa_drv_se_context_t *drv_context, } static psa_status_t mock_export(psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - uint8_t *p_data, - size_t data_size, - size_t *p_data_length) + psa_key_slot_number_t slot_number, + uint8_t *p_data, + size_t data_size, + size_t *p_data_length) { (void) context; (void) p_data; @@ -180,10 +180,10 @@ static psa_status_t mock_export(psa_drv_se_context_t *context, } static psa_status_t mock_export_public(psa_drv_se_context_t *context, - psa_key_slot_number_t slot_number, - uint8_t *p_data, - size_t data_size, - size_t *p_data_length) + psa_key_slot_number_t slot_number, + uint8_t *p_data, + size_t data_size, + size_t *p_data_length) { (void) context; (void) p_data; @@ -197,13 +197,13 @@ static psa_status_t mock_export_public(psa_drv_se_context_t *context, } static psa_status_t mock_sign(psa_drv_se_context_t *context, - psa_key_slot_number_t key_slot, - psa_algorithm_t alg, - const uint8_t *p_hash, - size_t hash_length, - uint8_t *p_signature, - size_t signature_size, - size_t *p_signature_length) + psa_key_slot_number_t key_slot, + psa_algorithm_t alg, + const uint8_t *p_hash, + size_t hash_length, + uint8_t *p_signature, + size_t signature_size, + size_t *p_signature_length) { (void) context; (void) p_hash; @@ -220,12 +220,12 @@ static psa_status_t mock_sign(psa_drv_se_context_t *context, } static psa_status_t mock_verify(psa_drv_se_context_t *context, - psa_key_slot_number_t key_slot, - psa_algorithm_t alg, - const uint8_t *p_hash, - size_t hash_length, - const uint8_t *p_signature, - size_t signature_length) + psa_key_slot_number_t key_slot, + psa_algorithm_t alg, + const uint8_t *p_hash, + size_t hash_length, + const uint8_t *p_signature, + size_t signature_length) { (void) context; (void) p_hash; @@ -241,10 +241,10 @@ static psa_status_t mock_verify(psa_drv_se_context_t *context, } static psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, - void *persistent_data, - const psa_key_attributes_t *attributes, - psa_key_creation_method_t method, - psa_key_slot_number_t *key_slot) + void *persistent_data, + const psa_key_attributes_t *attributes, + psa_key_creation_method_t method, + psa_key_slot_number_t *key_slot) { (void) drv_context; (void) persistent_data; @@ -259,8 +259,8 @@ static psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, } static psa_status_t mock_destroy(psa_drv_se_context_t *context, - void *persistent_data, - psa_key_slot_number_t slot_number) + void *persistent_data, + psa_key_slot_number_t slot_number) { (void) context; (void) persistent_data; diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_its.function b/tf-psa-crypto/tests/suites/test_suite_psa_its.function index 0f66c79517..ce3433f2e5 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_its.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_its.function @@ -19,11 +19,11 @@ #define PSA_ITS_STORAGE_PREFIX "" #define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx" #define PSA_ITS_STORAGE_SUFFIX ".psa_its" -#define PSA_ITS_STORAGE_FILENAME_LENGTH \ - (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \ - 16 + /*UID (64-bit number in hex)*/ \ - 16 + /*UID (64-bit number in hex)*/ \ - sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \ +#define PSA_ITS_STORAGE_FILENAME_LENGTH \ + (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \ + 16 + /*UID (64-bit number in hex)*/ \ + 16 + /*UID (64-bit number in hex)*/ \ + sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \ 1 /*terminating null byte*/) #define PSA_ITS_STORAGE_TEMP \ PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX From 1da4ed1df811c7a1410f62ab264b890737e8efdb Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Wed, 5 Jun 2024 01:45:54 +0200 Subject: [PATCH 090/124] Move the -Wmissing-prototypes option from library/CMakeLists.txt to the top-level CMakeLists.txt for GCC & Clang Signed-off-by: Michael Schuster --- CMakeLists.txt | 4 ++-- library/CMakeLists.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6d16079939..df4bf6bb20 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -204,7 +204,7 @@ if(CMAKE_COMPILER_IS_GNU) # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes") if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") endif() @@ -238,7 +238,7 @@ if(CMAKE_COMPILER_IS_GNU) endif(CMAKE_COMPILER_IS_GNU) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index da109dc1bc..2e18d2b9a9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -201,11 +201,11 @@ else() endif() if(CMAKE_COMPILER_IS_GNUCC) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations") endif(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_CLANG) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") endif(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_MSVC) From 8f606551d7d6eb1f201a4c8bee7d7525cfbc2dcc Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Wed, 5 Jun 2024 14:45:45 +0200 Subject: [PATCH 091/124] Fix tests build with MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS enabled In that case mbedtls_psa_platform_get_builtin_key is already declared. Signed-off-by: Michael Schuster --- tests/src/drivers/platform_builtin_keys.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index 01fc050bbb..4561b6fdc2 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -10,6 +10,8 @@ #include +#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) + #include #include @@ -76,3 +78,5 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( return PSA_ERROR_DOES_NOT_EXIST; } + +#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ From a3cc46382bf78e53e7370b7d5eef82d70e1fc8c0 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 7 Jun 2024 01:51:54 +0200 Subject: [PATCH 092/124] Use correct test case conditionals for helper functions in tests/suites Fix unused-function errors. Signed-off-by: Michael Schuster --- tests/suites/test_suite_x509parse.function | 18 +++++++++++------- tests/suites/test_suite_x509write.function | 8 ++++++-- .../tests/suites/test_suite_bignum.function | 2 ++ .../tests/suites/test_suite_entropy.function | 7 +++++++ .../tests/suites/test_suite_lmots.function | 4 ++-- .../tests/suites/test_suite_pk.function | 4 ++-- .../suites/test_suite_psa_crypto.function | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index fbc4fbcd0b..b017e6854e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -60,6 +60,9 @@ const mbedtls_x509_crt_profile profile_sha512 = 1024, }; +#if defined(MBEDTLS_X509_CRT_PARSE_C) + +#if defined(MBEDTLS_FS_IO) static int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { ((void) data); @@ -80,7 +83,8 @@ static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, return 0; } -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) +#if defined(MBEDTLS_X509_CRL_PARSE_C) && \ + defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) { ((void) data); @@ -89,7 +93,7 @@ static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x return -1; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) + static int ca_callback(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) { @@ -138,8 +142,7 @@ exit: *candidates = first; return ret; } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ +#endif /* MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ static int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) { @@ -186,7 +189,6 @@ done: return ret; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) typedef struct { char buf[512]; char *p; @@ -316,6 +318,7 @@ static int verify_parse_san(mbedtls_x509_subject_alternative_name *san, return 0; } +#endif /* MBEDTLS_FS_IO */ static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) @@ -416,7 +419,8 @@ static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x5 } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CSR_PARSE_C) +#if defined(MBEDTLS_X509_CSR_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_INFO) static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) { @@ -443,7 +447,7 @@ static int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbe return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } -#endif /* MBEDTLS_X509_CSR_PARSE_C */ +#endif /* MBEDTLS_X509_CSR_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 901a88ad0a..2762b0f84e 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -10,7 +10,11 @@ #include "mbedtls/pk.h" #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PEM_WRITE_C) && \ + defined(MBEDTLS_X509_CRT_WRITE_C) && \ + defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_MD_CAN_SHA1) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) @@ -30,7 +34,7 @@ static size_t mbedtls_rsa_key_len_func(void *ctx) { return ((const mbedtls_rsa_context *) ctx)->len; } -#endif /* MBEDTLS_RSA_C */ +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) diff --git a/tf-psa-crypto/tests/suites/test_suite_bignum.function b/tf-psa-crypto/tests/suites/test_suite_bignum.function index 7cbbbe87f7..1830e5aa1c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_bignum.function +++ b/tf-psa-crypto/tests/suites/test_suite_bignum.function @@ -32,6 +32,7 @@ static int sign_is_valid(const mbedtls_mpi *X) return 1; } +#if defined(MBEDTLS_GENPRIME) typedef struct mbedtls_test_mpi_random { data_t *data; size_t pos; @@ -73,6 +74,7 @@ static int mbedtls_test_mpi_miller_rabin_determinizer(void *state, return 0; } +#endif /* MBEDTLS_GENPRIME */ /* Random generator that is told how many bytes to return. */ static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) diff --git a/tf-psa-crypto/tests/suites/test_suite_entropy.function b/tf-psa-crypto/tests/suites/test_suite_entropy.function index c89c26c637..a4f3b1bd7c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_entropy.function +++ b/tf-psa-crypto/tests/suites/test_suite_entropy.function @@ -60,6 +60,8 @@ static void entropy_clear_sources(mbedtls_entropy_context *ctx) } #if defined(MBEDTLS_ENTROPY_NV_SEED) + +#if defined(MBEDTLS_MD_LIGHT) && defined(MBEDTLS_PLATFORM_NV_SEED_ALT) /* * NV seed read/write functions that use a buffer instead of a file */ @@ -84,7 +86,9 @@ static int buffer_nv_seed_write(unsigned char *buf, size_t buf_len) memcpy(buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); return 0; } +#endif /* MBEDTLS_MD_LIGHT && MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_FS_IO) /* * NV seed read/write helpers that fill the base seedfile */ @@ -111,6 +115,7 @@ static int write_nv_seed(unsigned char *buf, size_t buf_len) return 0; } +#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) static int read_nv_seed(unsigned char *buf, size_t buf_len) { FILE *f; @@ -133,6 +138,8 @@ static int read_nv_seed(unsigned char *buf, size_t buf_len) return 0; } +#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ /* END_HEADER */ diff --git a/tf-psa-crypto/tests/suites/test_suite_lmots.function b/tf-psa-crypto/tests/suites/test_suite_lmots.function index cfc0d3c122..1efb30bb27 100644 --- a/tf-psa-crypto/tests/suites/test_suite_lmots.function +++ b/tf-psa-crypto/tests/suites/test_suite_lmots.function @@ -2,7 +2,7 @@ #include "lmots.h" #include "mbedtls/lms.h" -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_LMS_PRIVATE) static int check_lmots_private_key_for_leak(unsigned char *sig) { size_t idx; @@ -18,7 +18,7 @@ static int check_lmots_private_key_for_leak(unsigned char *sig) exit: return -1; } -#endif /* defined(MBEDTLS_TEST_HOOKS) */ +#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_LMS_PRIVATE */ /* END_HEADER */ diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.function b/tf-psa-crypto/tests/suites/test_suite_pk.function index 3f1894afe9..98563ef509 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pk.function +++ b/tf-psa-crypto/tests/suites/test_suite_pk.function @@ -467,7 +467,7 @@ exit: } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) @@ -491,7 +491,7 @@ static size_t mbedtls_rsa_key_len_func(void *ctx) { return ((const mbedtls_rsa_context *) ctx)->len; } -#endif /* MBEDTLS_RSA_C */ +#endif /* MBEDTLS_RSA_C && MBEDTLS_PK_RSA_ALT_SUPPORT */ typedef enum { /* The values are compatible with thinking of "from pair" as a boolean. */ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index 99649a691f..9270b5f81c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -1292,6 +1292,7 @@ exit: #if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) typedef struct same_key_context { data_t *data; mbedtls_svc_key_id_t key; @@ -1410,6 +1411,7 @@ static void *thread_use_and_destroy_key(void *ctx) exit: return NULL; } +#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ typedef struct generate_key_context { psa_key_type_t type; From f828f04532f7b6d4f61a4064508426ee37466052 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 7 Jun 2024 06:47:31 +0200 Subject: [PATCH 093/124] Fix Uncrustify errors in modified tests/suites to satisfy check_code_style test Signed-off-by: Michael Schuster --- tests/suites/test_suite_x509parse.function | 19 ++++++++++++++----- .../tests/suites/test_suite_common.function | 6 +++++- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b017e6854e..9fc0e55dff 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -85,7 +85,8 @@ static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, #if defined(MBEDTLS_X509_CRL_PARSE_C) && \ defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) +static int ca_callback_fail(void *data, mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidates) { ((void) data); ((void) child); @@ -421,8 +422,12 @@ static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x5 #if defined(MBEDTLS_X509_CSR_PARSE_C) && \ !defined(MBEDTLS_X509_REMOVE_INFO) -static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) +static int parse_csr_ext_accept_cb(void *p_ctx, + mbedtls_x509_csr const *csr, + mbedtls_x509_buf const *oid, + int critical, + const unsigned char *cp, + const unsigned char *end) { (void) p_ctx; (void) csr; @@ -434,8 +439,12 @@ static int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbe return 0; } -static int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) +static int parse_csr_ext_reject_cb(void *p_ctx, + mbedtls_x509_csr const *csr, + mbedtls_x509_buf const *oid, + int critical, + const unsigned char *cp, + const unsigned char *end) { (void) p_ctx; (void) csr; diff --git a/tf-psa-crypto/tests/suites/test_suite_common.function b/tf-psa-crypto/tests/suites/test_suite_common.function index c508b11998..8626a0ba4c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_common.function +++ b/tf-psa-crypto/tests/suites/test_suite_common.function @@ -1,7 +1,11 @@ /* BEGIN_HEADER */ #include "common.h" -static void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n) +static void fill_arrays(unsigned char *a, + unsigned char *b, + unsigned char *r1, + unsigned char *r2, + size_t n) { for (size_t i = 0; i < n; i++) { a[i] = (unsigned char) i * 3; From 0aaa493d84661a4ab8cc4335c0f9886d8e9a5025 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 7 Jun 2024 06:57:06 +0200 Subject: [PATCH 094/124] Add missing include in tests/src/psa_memory_poisoning_wrappers.c to fix missing-prototype error Signed-off-by: Michael Schuster --- tests/src/psa_memory_poisoning_wrappers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/src/psa_memory_poisoning_wrappers.c b/tests/src/psa_memory_poisoning_wrappers.c index 05cba18ee7..7b48c7c95e 100644 --- a/tests/src/psa_memory_poisoning_wrappers.c +++ b/tests/src/psa_memory_poisoning_wrappers.c @@ -4,7 +4,8 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "test/memory.h" +#include +#include #include "psa_crypto_invasive.h" From f672b694fa7fcdb222821f9bef77ab9c5421e344 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 7 Jun 2024 07:02:45 +0200 Subject: [PATCH 095/124] Use correct conditionals in programs/ssl (fix unused-function errors) Signed-off-by: Michael Schuster --- programs/ssl/ssl_server2.c | 5 +++-- programs/ssl/ssl_test_common_source.c | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 679956c402..aa4cf22b2d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1376,7 +1376,8 @@ static int report_cid_usage(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) && \ + defined(MBEDTLS_HAVE_TIME) static inline void put_unaligned_uint32(void *p, uint32_t x) { memcpy(p, &x, sizeof(x)); @@ -1467,7 +1468,7 @@ static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return ret; } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C && MBEDTLS_HAVE_TIME */ static int parse_cipher(char *buf) { diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 98fae361ae..079b14d7a1 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -352,6 +352,7 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static void mbedtls_print_supported_sig_algs(void) { mbedtls_printf("supported signature algorithms:\n"); @@ -373,3 +374,4 @@ static void mbedtls_print_supported_sig_algs(void) mbedtls_printf("ecdsa_sha1\n"); mbedtls_printf("\n"); } +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ From 82cb06913a4323d19e99eb662b87d6a12d86eb6e Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 7 Jun 2024 20:58:06 +0200 Subject: [PATCH 096/124] Fix format-pedantic error in programs/test/metatest.c Signed-off-by: Michael Schuster --- programs/test/metatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 9d90d8cb72..d876e9a87d 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -128,7 +128,7 @@ static void null_pointer_dereference(const char *name) volatile char *volatile p; set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); /* Undefined behavior (read from null data pointer) */ - mbedtls_printf("%p -> %u\n", p, (unsigned) *p); + mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p); } static void null_pointer_call(const char *name) From c1cd26b20f32a2ef382d51900406ffce3160b21b Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Sun, 21 Jul 2024 00:44:33 +0200 Subject: [PATCH 097/124] Revert commit 33af72df in order to not depend on test code Signed-off-by: Michael Schuster --- programs/cipher/cipher_aead_demo.c | 14 +++++++++++--- programs/hash/md_hmac_demo.c | 16 ++++++++++++---- programs/psa/aead_demo.c | 14 +++++++++++--- programs/psa/hmac_demo.c | 16 ++++++++++++---- tests/include/test/helpers.h | 3 --- tests/src/helpers.c | 9 --------- 6 files changed, 46 insertions(+), 26 deletions(-) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 60a5ea280e..853ec202c6 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -35,8 +35,6 @@ #include "mbedtls/cipher.h" -#include - #include #include #include @@ -80,6 +78,16 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; * 32-byte is enough to all the key size supported by this program. */ const unsigned char key_bytes[32] = { 0x2a }; +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, unsigned char *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + /* Run an Mbed TLS function and bail out if it fails. * A string description of the error code can be recovered with: * programs/util/strerror */ @@ -190,7 +198,7 @@ static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, p += tag_len; olen = p - out; - mbedtls_test_print_buf("out", out, olen); + print_buf("out", out, olen); exit: return ret; diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index ba51bfda26..4b5aa3ba78 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -32,8 +32,6 @@ #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize -#include - #include #include @@ -58,6 +56,16 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; * This example program uses SHA-256, so a 32-byte key makes sense. */ const unsigned char key_bytes[32] = { 0 }; +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, unsigned char *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + /* Run an Mbed TLS function and bail out if it fails. * A string description of the error code can be recovered with: * programs/util/strerror */ @@ -99,14 +107,14 @@ static int hmac_demo(void) CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); CHK(mbedtls_md_hmac_finish(&ctx, out)); - mbedtls_test_print_buf("msg1", out, mbedtls_md_get_size(info)); + print_buf("msg1", out, mbedtls_md_get_size(info)); /* compute HMAC(key, msg2_part1 | msg2_part2) */ CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); CHK(mbedtls_md_hmac_finish(&ctx, out)); - mbedtls_test_print_buf("msg2", out, mbedtls_md_get_size(info)); + print_buf("msg2", out, mbedtls_md_get_size(info)); exit: mbedtls_md_free(&ctx); diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index b300e3619c..619166dba4 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -36,8 +36,6 @@ #include "psa/crypto.h" -#include - #include #include #include @@ -83,6 +81,16 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; * 32-byte is enough to all the key size supported by this program. */ const unsigned char key_bytes[32] = { 0x2a }; +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, uint8_t *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + /* Run a PSA function and bail out if it fails. * The symbolic name of the error code can be recovered using: * programs/psa/psa_constant_name status */ @@ -208,7 +216,7 @@ static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, p += olen_tag; olen = p - out; - mbedtls_test_print_buf("out", out, olen); + print_buf("out", out, olen); exit: psa_aead_abort(&op); // required on errors, harmless on success diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index a85de008a7..f44f9a742f 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -32,8 +32,6 @@ #include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize -#include - #include #include @@ -60,6 +58,16 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; * This example program uses SHA-256, so a 32-byte key makes sense. */ const unsigned char key_bytes[32] = { 0 }; +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, uint8_t *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + /* Run a PSA function and bail out if it fails. * The symbolic name of the error code can be recovered using: * programs/psa/psa_constant_name status */ @@ -114,14 +122,14 @@ static psa_status_t hmac_demo(void) PSA_CHECK(psa_mac_update(&op, msg1_part1, sizeof(msg1_part1))); PSA_CHECK(psa_mac_update(&op, msg1_part2, sizeof(msg1_part2))); PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len)); - mbedtls_test_print_buf("msg1", out, out_len); + print_buf("msg1", out, out_len); /* compute HMAC(key, msg2_part1 | msg2_part2) */ PSA_CHECK(psa_mac_sign_setup(&op, key, alg)); PSA_CHECK(psa_mac_update(&op, msg2_part1, sizeof(msg2_part1))); PSA_CHECK(psa_mac_update(&op, msg2_part2, sizeof(msg2_part2))); PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len)); - mbedtls_test_print_buf("msg2", out, out_len); + print_buf("msg2", out, out_len); exit: psa_mac_abort(&op); // needed on error, harmless on success diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 10b321d781..d08100f158 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -381,9 +381,6 @@ unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen); int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, uint32_t a_len, uint32_t b_len); -/* Print the contents of a buffer in hex */ -void mbedtls_test_print_buf(const char *title, unsigned char *buf, size_t len); - #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 29b2df515d..065d17d3e0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -660,15 +660,6 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, return ret; } -void mbedtls_test_print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check(int high, int low, const char *file, int line) From 9e52d157e83fc25a54b4e391dec941dca5bef098 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Sun, 21 Jul 2024 00:46:10 +0200 Subject: [PATCH 098/124] Fix missing-prototype error for the print_buf functions in sample programs Signed-off-by: Michael Schuster --- programs/cipher/cipher_aead_demo.c | 2 +- programs/hash/md_hmac_demo.c | 2 +- programs/psa/aead_demo.c | 2 +- programs/psa/hmac_demo.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 853ec202c6..83fcce5878 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -79,7 +79,7 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; const unsigned char key_bytes[32] = { 0x2a }; /* Print the contents of a buffer in hex */ -void print_buf(const char *title, unsigned char *buf, size_t len) +static void print_buf(const char *title, unsigned char *buf, size_t len) { printf("%s:", title); for (size_t i = 0; i < len; i++) { diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 4b5aa3ba78..494e9efaa4 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -57,7 +57,7 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; const unsigned char key_bytes[32] = { 0 }; /* Print the contents of a buffer in hex */ -void print_buf(const char *title, unsigned char *buf, size_t len) +static void print_buf(const char *title, unsigned char *buf, size_t len) { printf("%s:", title); for (size_t i = 0; i < len; i++) { diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 619166dba4..2d99e3cbec 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -82,7 +82,7 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; const unsigned char key_bytes[32] = { 0x2a }; /* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) +static void print_buf(const char *title, uint8_t *buf, size_t len) { printf("%s:", title); for (size_t i = 0; i < len; i++) { diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index f44f9a742f..683f3e59c9 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -59,7 +59,7 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 }; const unsigned char key_bytes[32] = { 0 }; /* Print the contents of a buffer in hex */ -void print_buf(const char *title, uint8_t *buf, size_t len) +static void print_buf(const char *title, uint8_t *buf, size_t len) { printf("%s:", title); for (size_t i = 0; i < len; i++) { From a52952dcb1af20a5b99fdea15a64a9eb9833b5df Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Wed, 24 Jul 2024 18:23:50 +0200 Subject: [PATCH 099/124] Update the submodule to the head of PR in the framework repository See Mbed-TLS/mbedtls-framework#23 Signed-off-by: Michael Schuster --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 331565b041..d4177eb503 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 331565b041f794df2da76394b3b0039abce30355 +Subproject commit d4177eb503c908e2cdc1d00277df51f898156b60 From b77c419addb175b9765bfbf27692d572d4b399c1 Mon Sep 17 00:00:00 2001 From: Michael Schuster Date: Fri, 9 Aug 2024 20:39:28 +0200 Subject: [PATCH 100/124] Update the submodule to the head of PR in the framework repository See Mbed-TLS/mbedtls-framework#23 Signed-off-by: Michael Schuster --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index d4177eb503..6a1dc7daa9 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit d4177eb503c908e2cdc1d00277df51f898156b60 +Subproject commit 6a1dc7daa9e861fb873dd4b9f13ebfbd6f82f6dc From da41b60cefbbeabfe3451e166e4defbb3f737a4f Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 5 Jul 2024 11:27:21 +0100 Subject: [PATCH 101/124] Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA Signed-off-by: Elena Uziunaite --- library/ssl_ciphersuites.c | 40 +-- library/ssl_misc.h | 2 +- library/ssl_tls.c | 16 +- tests/suites/test_suite_ssl.data | 314 +++++++++--------- tests/suites/test_suite_ssl_decrypt.misc.data | 64 ++-- 5 files changed, 218 insertions(+), 218 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index d96e23672d..df7838d415 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -444,7 +444,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, @@ -478,7 +478,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -534,7 +534,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, @@ -568,7 +568,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -644,7 +644,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -685,7 +685,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -753,7 +753,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -795,7 +795,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -843,7 +843,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, @@ -877,7 +877,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -933,7 +933,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, @@ -967,7 +967,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -1044,7 +1044,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", @@ -1076,7 +1076,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ @@ -1145,7 +1145,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", @@ -1177,7 +1177,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -1213,7 +1213,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CBC_NO_PADDING */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, @@ -1231,7 +1231,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -1282,7 +1282,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* PSA_WANT_ALG_CBC_NO_PADDING */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_ALG_SHA_256) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", @@ -1314,7 +1314,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* PSA_WANT_ALG_SHA_384 */ #endif /* PSA_WANT_ALG_GCM */ -#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 495b72eb71..120f8ca3ca 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -256,7 +256,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); /* This macro determines whether CBC is supported. */ #if defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ (defined(PSA_WANT_KEY_TYPE_AES) || \ - defined(MBEDTLS_SSL_HAVE_CAMELLIA) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \ defined(PSA_WANT_KEY_TYPE_ARIA)) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 69eefe6cac..018eb93d88 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2598,56 +2598,56 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) case MBEDTLS_CIPHER_CAMELLIA_128_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_CAMELLIA_128_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_CAMELLIA_128_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_CAMELLIA_192_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 192; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_CAMELLIA_192_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 192; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CBC_NO_PADDING) case MBEDTLS_CIPHER_CAMELLIA_256_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_CCM) case MBEDTLS_CIPHER_CAMELLIA_256_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 256; break; #endif -#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) && defined(PSA_WANT_ALG_GCM) case MBEDTLS_CIPHER_CAMELLIA_256_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 851534bcd9..83ec274e2f 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -381,7 +381,7 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_ handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA @@ -409,7 +409,7 @@ depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_ handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA @@ -557,23 +557,23 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDIN handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -1354,195 +1354,195 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CB ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-GCM, 1.2 @@ -1594,39 +1594,39 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROT ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CCM, 1.2 @@ -1714,75 +1714,75 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROT ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, NULL cipher, 1.2, SHA-384 @@ -2226,195 +2226,195 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CB ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-GCM, 1.2 @@ -2466,39 +2466,39 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROT ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-GCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CCM, 1.2 @@ -2586,75 +2586,75 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_AES:MBEDTLS_SSL_PROT ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:PSA_WANT_KEY_TYPE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, NULL cipher, 1.2, SHA-384 diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data index 804cea9878..0d3c05f342 100644 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -271,129 +271,129 @@ depends_on:PSA_WANT_KEY_TYPE_ARIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_3 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 From 2ae2f451a903a4b661fd31ecb0844fc626b6572a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 Aug 2024 11:45:07 +0200 Subject: [PATCH 102/124] Update framework to the head of the main branch Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 6a1dc7daa9..94599c0e3b 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 6a1dc7daa9e861fb873dd4b9f13ebfbd6f82f6dc +Subproject commit 94599c0e3b5036e086446a51a3f79640f70f22f6 From 26769f190b8bde9fb7c67e2c7f5ae0e00c692963 Mon Sep 17 00:00:00 2001 From: Sam Berry Date: Wed, 7 Aug 2024 13:56:21 +0100 Subject: [PATCH 103/124] Changelog entry Signed-off-by: Sam Berry --- ChangeLog.d/psa_util_in_builds_without_psa.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/psa_util_in_builds_without_psa.txt diff --git a/ChangeLog.d/psa_util_in_builds_without_psa.txt b/ChangeLog.d/psa_util_in_builds_without_psa.txt new file mode 100644 index 0000000000..7c0866dd30 --- /dev/null +++ b/ChangeLog.d/psa_util_in_builds_without_psa.txt @@ -0,0 +1,5 @@ +Bugfix + * When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled, + some code was defining 0-size arrays, resulting in compilation errors. + Fixed by disabling the offending code in configurations without PSA + Crypto, where it never worked. Fixes #9311. From 3c1d287f8df7b5bb4d6ef0a1c487bc2a179d16cb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Aug 2024 11:40:20 +0200 Subject: [PATCH 104/124] Mention the option name for the dynamic key store Signed-off-by: Gilles Peskine --- docs/architecture/psa-keystore-design.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/architecture/psa-keystore-design.md b/docs/architecture/psa-keystore-design.md index 54ba8ac28b..42f08495a9 100644 --- a/docs/architecture/psa-keystore-design.md +++ b/docs/architecture/psa-keystore-design.md @@ -113,6 +113,8 @@ With a static key store, `psa_wipe_key_slot()` destroys or purges a key by freei The dynamic key store allows a large number of keys, at the expense of more complex memory management. +The dynamic key store was added in Mbed TLS 3.6.1. It is enabled by `MBEDTLS_PSA_KEY_STORE_DYNAMIC`, which is enabled by default since Mbed TLS 3.6.1. + #### Dynamic key slot performance characteristics Key management and key access have $O(1)$ amortized performance, and mostly $O(1)$ performance for actions involving keys. More precisely: From 59602d39292b5364d31015ad4a3a5fe98489f707 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 14 Aug 2024 11:40:38 +0200 Subject: [PATCH 105/124] The fully static key store will miss the 3.6.1 release Signed-off-by: Gilles Peskine --- docs/architecture/psa-keystore-design.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/psa-keystore-design.md b/docs/architecture/psa-keystore-design.md index 42f08495a9..cdd2cac3ab 100644 --- a/docs/architecture/psa-keystore-design.md +++ b/docs/architecture/psa-keystore-design.md @@ -67,7 +67,7 @@ Note that a slot must not be moved in memory while it is being read or written. There are three variants of the key store implementation, responding to different needs. * Hybrid key store ([static key slots](#static-key-store) with dynamic key data): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Key material is allocated on the heap. This is the historical implementation. It remains the default in the Mbed TLS 3.6 long-time support (LTS) branch when using a handwritten `mbedtls_config.h`, as is common on resource-constrained platforms, because the alternatives have tradeoffs (key size limit and larger RAM usage at rest for the static key store, larger code size and more risk due to code complexity for the dynamic key store). -* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.1): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap. +* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.2): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap. * [Dynamic key store](#dynamic-key-store) (since Mbed TLS 3.6.1): the key store is dynamically allocated as multiple slices on the heap, with a size that adjusts to the application's usage. Key material is allocated on the heap. Compared to the hybrid key store, the code size and RAM consumption are larger. This is intended for higher-end devices where applications are not expected to have a highly predicatable resource usage. This is the default implementation when using the default `mbedtls_config.h` file, as is common on platforms such as Linux, starting with Mbed TLS 3.6.1. #### Future improvement: merging the key store variants @@ -95,7 +95,7 @@ When creating a volatile key, the slice containing the slot and index of the slo The static key store is the historical implementation. The key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. This value is an upper bound for the total number of volatile keys plus loaded keys. -Since Mbed TLS 3.6.1, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap. +Since Mbed TLS 3.6.2, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap. #### Volatile key identifiers in the static key store From 4ed0fded120dae6e37e0828d0e4b4ee3ca023e5f Mon Sep 17 00:00:00 2001 From: Sergey Markelov Date: Wed, 14 Aug 2024 15:06:03 -0700 Subject: [PATCH 106/124] Fix Mbed-TLS build when WIN32_LEAN_AND_MEAN macro is defined globally Signed-off-by: Sergey Markelov --- library/x509_crt.c | 2 ++ tf-psa-crypto/drivers/builtin/src/sha256.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 5060ca330f..1de1ee64c1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -48,7 +48,9 @@ #if defined(MBEDTLS_HAVE_TIME) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) +#ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN +#endif #include #else #include diff --git a/tf-psa-crypto/drivers/builtin/src/sha256.c b/tf-psa-crypto/drivers/builtin/src/sha256.c index 49d98c327b..842b892cd5 100644 --- a/tf-psa-crypto/drivers/builtin/src/sha256.c +++ b/tf-psa-crypto/drivers/builtin/src/sha256.c @@ -152,7 +152,9 @@ static int mbedtls_a64_crypto_sha256_determine_support(void) return 1; } #elif defined(MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64) +#ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN +#endif #include #include From 9e143a73eadb07088cb06f6e953929b14fd09f3f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 19:31:57 +0100 Subject: [PATCH 107/124] Add psa_generate_key_iop_t structs and docs Signed-off-by: Paul Elliott Signed-off-by: Janos Follath --- tf-psa-crypto/include/psa/crypto.h | 40 +++++++++++++++++++++++ tf-psa-crypto/include/psa/crypto_struct.h | 34 +++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 6f0049bc6e..2b0343582f 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5168,6 +5168,46 @@ psa_status_t psa_key_agreement_iop_abort( /**@}*/ +/** + * \defgroup interruptible_generate_key Interruptible Key Generation + * @{ + */ + +/** + * The type of the state data structure for interruptible key generation + * operations. + * + * Before calling any function on an interruptible key generation object, the + * application must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_generate_key_iop_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_generate_key_iop_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_GENERATE_KEY_IOP_INIT, + * for example: + * - \code + * psa_generate_key_iop_t operation = PSA_GENERATE_KEY_IOP_INIT; + * \endcode + * - Assign the result of the function psa_generate_key_iop_init() to the + * structure, for example: + * \code + * psa_generate_key_iop_t operation; + * operation = psa_generate_key_iop_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. + */ +typedef struct psa_generate_key_iop_s psa_generate_key_iop_t; + +/**@}*/ + #ifdef __cplusplus } #endif diff --git a/tf-psa-crypto/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h index 9685eae209..2eec948119 100644 --- a/tf-psa-crypto/include/psa/crypto_struct.h +++ b/tf-psa-crypto/include/psa/crypto_struct.h @@ -526,6 +526,40 @@ psa_key_agreement_iop_init(void) return v; } +/** + * \brief The context for PSA interruptible key agreement. + */ +struct psa_generate_key_iop_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else + /** + * Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). + */ + unsigned int MBEDTLS_PRIVATE(id); + +#endif +}; + +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_GENERATE_KEY_IOP_INIT { 0 } +#else +#define PSA_GENERATE_KEY_IOP_INIT { 0 } +#endif + +static inline struct psa_generate_key_iop_s +psa_generate_key_iop_init(void) +{ + const struct psa_generate_key_iop_s v = PSA_GENERATE_KEY_IOP_INIT; + + return v; +} + #ifdef __cplusplus } #endif From f712452a0ec0792e1ab210bc5de406e68ce69af0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 19:33:17 +0100 Subject: [PATCH 108/124] Add psa_generate_key_iop_get_num_ops() docs Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 11 +++++++++++ tf-psa-crypto/include/psa/crypto.h | 25 +++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 096bc116b2..7f3a2b6496 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -592,6 +592,17 @@ exit: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ +/****************************************************************/ +/* Interruptible ECC Key Generation */ +/****************************************************************/ + +uint32_t psa_generate_key_iop_get_num_ops( + psa_generate_key_iop_t *operation) +{ + (void) operation; + return 0; +} + /****************************************************************/ /* Interruptible ECC Key Agreement */ /****************************************************************/ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 2b0343582f..ac466da663 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5206,6 +5206,31 @@ psa_status_t psa_key_agreement_iop_abort( */ typedef struct psa_generate_key_iop_s psa_generate_key_iop_t; +/** + * \brief Get the number of ops that a key generation + * operation has taken so far. If the operation has + * completed, then this will represent the number + * of ops required for the entire operation. After + * initialization or calling \c + * psa_generate_key_iop_abort() on the operation, + * a value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c psa_generate_key_iop_t to use. This must + * be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); + /**@}*/ #ifdef __cplusplus From 6044f3e4449c66ffc5ca09e889a900602b4d4e34 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:30:36 +0100 Subject: [PATCH 109/124] Add psa_generate_key_iop_setup() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 11 +++ tf-psa-crypto/include/psa/crypto.h | 112 ++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 7f3a2b6496..16c394683b 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -603,6 +603,16 @@ uint32_t psa_generate_key_iop_get_num_ops( return 0; } +psa_status_t psa_generate_key_iop_setup( + psa_generate_key_iop_t *operation, + const psa_key_attributes_t *attributes) +{ + (void) operation; + (void) attributes; + + return PSA_SUCCESS; +} + /****************************************************************/ /* Interruptible ECC Key Agreement */ /****************************************************************/ @@ -649,4 +659,5 @@ psa_status_t psa_key_agreement_iop_abort( return PSA_SUCCESS; } + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index ac466da663..71ac2e9895 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5231,6 +5231,118 @@ typedef struct psa_generate_key_iop_s psa_generate_key_iop_t; */ uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); +/** + * \brief Start a key generation operation, in an + * interruptible manner. + * + * \see \c psa_generate_key_iop_complete() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_generate_key_iop_complete() is equivalent + * to \c psa_generate_key() but \c + * psa_generate_key_iop_complete() can return + * early and resume according to the limit set with + * \c psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function. + * + * \note Users should call + * \c psa_generate_key_iop_complete() repeatedly + * on the same operation object after a successful + * call to this function until \c + * psa_generate_key_iop_complete() either returns + * #PSA_SUCCESS or an error. + * \c psa_generate_key_iop_complete() will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_generate_key_iop_abort() at any point + * if they no longer want the result. + * + * \note This function clears the number of ops completed + * as part of the operation. Please ensure you copy + * this value via + * \c psa_generate_key_iop_get_num_ops() if + * required before calling. + * + * \note If this function returns an error status, the + * operation enters an error state and must be + * aborted by calling \c + * psa_generate_key_iop_abort(). + * + * \param[in, out] operation The \c psa_generate_key_iop_t to use. + * This must be initialized as per the + * documentation for + * \c psa_generate_key_iop_t, and be inactive. + + * \param[in] attributes The attributes for the new key. + * The following attributes are required for all + * keys: + * * The key type. It must not be an asymmetric + * public key. + * * The key size. It must be a valid size for the + * key type. + * The following attributes must be set for keys + * used in cryptographic operations: + * * The key permitted-algorithm policy. + * * The key usage flags. + * The following attributes must be set for keys + * that do not use the default volatile lifetime: + * * The key lifetime. + * * The key identifier is required for a key with + * a persistent lifetime, + * + * \note \p attributes is an input parameter, it is not + * updated with the final key attributes. The final + * attributes of the new key can be queried by + * calling `psa_get_key_attributes()` with + * the key's identifier. + * + * \retval #PSA_SUCCESS + * The operation started successfully. + * Call \c psa_generate_key_iop_complete() with the same context to + * complete the operation. + * + * \retval PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is already + * a persistent key with the given identifier + * \retval PSA_ERROR_NOT_SUPPORTED + * The key attributes, as a whole, are not supported, either in general + * or in the specified storage location. + * \retval PSA_ERROR_INVALID_ARGUMENT + * The following conditions can result in this error: + * * The key type is invalid, or is an asymmetric public key type. + * * The key size is not valid for the key type. + * * The key lifetime is invalid. + * * The key identifier is not valid for the key lifetime. + * * The key usage flags include invalid values. + * * The key's permitted-usage algorithm is invalid. + * * The key attributes, as a whole, are invalid. + * \retval PSA_ERROR_NOT_PERMITTED + * Creating a key with the specified attributes is not permitted. + * + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The following conditions can result in this error: + * * The library has not been previously initialized by + * \c psa_crypto_init(). + * * The operation state is not valid: it must be inactive. + */ + +psa_status_t psa_generate_key_iop_setup( + psa_generate_key_iop_t *operation, + const psa_key_attributes_t *attributes); + /**@}*/ #ifdef __cplusplus From 08afb00a9b7f9660fbf2d11cad2bee66007e82a8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:31:55 +0100 Subject: [PATCH 110/124] Add psa_generate_key_iop_complete() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 10 ++++ tf-psa-crypto/include/psa/crypto.h | 76 +++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 16c394683b..f12c1cdb00 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -613,6 +613,16 @@ psa_status_t psa_generate_key_iop_setup( return PSA_SUCCESS; } +psa_status_t psa_generate_key_iop_complete( + psa_generate_key_iop_t *operation, + psa_key_id_t *key) +{ + (void) operation; + (void) key; + + return PSA_SUCCESS; +} + /****************************************************************/ /* Interruptible ECC Key Agreement */ /****************************************************************/ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 71ac2e9895..72a4a8802c 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5343,6 +5343,82 @@ psa_status_t psa_generate_key_iop_setup( psa_generate_key_iop_t *operation, const psa_key_attributes_t *attributes); +/** + * \brief Continue and eventually complete the action of + * key generation, in an interruptible + * manner. + * + * \see \c psa_generate_key_iop_setup() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_generate_key_iop_setup() is equivalent to + * \c psa_generate_key() but this + * function can return early and resume according + * to the limit set with \c + * psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function call. + * + * \note Users should call this function on the same + * operation object repeatedly whilst it returns + * #PSA_OPERATION_INCOMPLETE, stopping when it + * returns either #PSA_SUCCESS or an error. + * Alternatively users can call + * \c psa_generate_key_iop_abort() at any + * point if they no longer want the result. + * + * \note When this function returns successfully, the + * operation becomes inactive. If this function + * returns an error status, the operation enters an + * error state and must be aborted by calling + * \c psa_generate_key_iop_abort(). + * + * \param[in, out] operation The \c psa_generate_key_iop_t to use. + * This must be initialized first, and have had \c + * psa_generate_key_iop_start() called + * with it first. + * + * \param[out] key On success, an identifier for the newly created + * key, on failure this will be set to + * #PSA_KEY_ID_NULL. + * + * \retval #PSA_SUCCESS + * The operation is complete and \p key contains the new key. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(). There is still work to be done. + * Call this function again with the same operation object. + * + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is already a + * persistent key with the given identifier. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The following conditions can result in this error: + * * The library has not been previously initialized by + * \c psa_crypto_init(). + * * The operation state is not valid: it must be inactive. + */ +psa_status_t psa_generate_key_iop_complete( + psa_generate_key_iop_t *operation, + psa_key_id_t *key); + /**@}*/ #ifdef __cplusplus From 0c1aa4af38216640ff9568213bacbfd4fc0b74f4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 18 Jul 2024 21:40:16 +0100 Subject: [PATCH 111/124] Add psa_generate_key_iop_abort() documentation Signed-off-by: Paul Elliott --- tf-psa-crypto/core/psa_crypto_ecp.c | 8 ++++++ tf-psa-crypto/include/psa/crypto.h | 40 +++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index f12c1cdb00..77bc0b2142 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -623,6 +623,14 @@ psa_status_t psa_generate_key_iop_complete( return PSA_SUCCESS; } +psa_status_t psa_generate_key_iop_abort( + psa_generate_key_iop_t *operation) +{ + (void) operation; + + return PSA_SUCCESS; +} + /****************************************************************/ /* Interruptible ECC Key Agreement */ /****************************************************************/ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 72a4a8802c..aabf0f7553 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5419,6 +5419,46 @@ psa_status_t psa_generate_key_iop_complete( psa_generate_key_iop_t *operation, psa_key_id_t *key); +/** + * \brief Abort a key generation operation. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function clears the number of ops completed + * as part of the operation. Please ensure you copy + * this value via + * \c psa_generate_key_iop_get_num_ops() if + * required before calling. + * + * \note Aborting an operation frees all + * associated resources except for the operation + * structure itself. Once aborted, the operation + * object can be reused for another operation by + * calling \c psa_generate_key_iop_setup() again. + * + * \note You may call this function any time after the + * operation object has been initialized. + * In particular, calling \c + * psa_generate_key_iop_abort() after the + * operation has already been terminated by a call + * to \c psa_generate_key_iop_abort() or + * psa_generate_key_iop_complete() is safe. + * + * \param[in,out] operation The \c psa_key_agreement_iop_t to use + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by + * \c psa_crypto_init(). + */ +psa_status_t psa_generate_key_iop_abort( + psa_generate_key_iop_t *operation); + /**@}*/ #ifdef __cplusplus From 2dc5fa3a198bcac85947cfb933ae06cf8f04ca58 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 19 Jul 2024 17:32:42 +0100 Subject: [PATCH 112/124] Add generated files for new iop key generation funcs Signed-off-by: Paul Elliott --- tests/include/test/psa_test_wrappers.h | 17 +++++++++++++++++ tests/src/psa_test_wrappers.c | 26 ++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index 5ef1226c81..3fd4b32cdc 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -363,6 +363,23 @@ psa_status_t mbedtls_test_wrap_psa_generate_key_custom( #define psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) \ mbedtls_test_wrap_psa_generate_key_custom(arg0_attributes, arg1_custom, arg2_custom_data, arg3_custom_data_length, arg4_key) +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_abort( + psa_generate_key_iop_t *arg0_operation); +#define psa_generate_key_iop_abort(arg0_operation) \ + mbedtls_test_wrap_psa_generate_key_iop_abort(arg0_operation) + +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete( + psa_generate_key_iop_t *arg0_operation, + psa_key_id_t *arg1_key); +#define psa_generate_key_iop_complete(arg0_operation, arg1_key) \ + mbedtls_test_wrap_psa_generate_key_iop_complete(arg0_operation, arg1_key) + +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_setup( + psa_generate_key_iop_t *arg0_operation, + const psa_key_attributes_t *arg1_attributes); +#define psa_generate_key_iop_setup(arg0_operation, arg1_attributes) \ + mbedtls_test_wrap_psa_generate_key_iop_setup(arg0_operation, arg1_attributes) + psa_status_t mbedtls_test_wrap_psa_generate_random( uint8_t *arg0_output, size_t arg1_output_size); diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 8557590d7c..8484b25d2d 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -622,6 +622,32 @@ psa_status_t mbedtls_test_wrap_psa_generate_key_custom( return status; } +/* Wrapper for psa_generate_key_iop_abort */ +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_abort( + psa_generate_key_iop_t *arg0_operation) +{ + psa_status_t status = (psa_generate_key_iop_abort)(arg0_operation); + return status; +} + +/* Wrapper for psa_generate_key_iop_complete */ +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete( + psa_generate_key_iop_t *arg0_operation, + psa_key_id_t *arg1_key) +{ + psa_status_t status = (psa_generate_key_iop_complete)(arg0_operation, arg1_key); + return status; +} + +/* Wrapper for psa_generate_key_iop_setup */ +psa_status_t mbedtls_test_wrap_psa_generate_key_iop_setup( + psa_generate_key_iop_t *arg0_operation, + const psa_key_attributes_t *arg1_attributes) +{ + psa_status_t status = (psa_generate_key_iop_setup)(arg0_operation, arg1_attributes); + return status; +} + /* Wrapper for psa_generate_random */ psa_status_t mbedtls_test_wrap_psa_generate_random( uint8_t *arg0_output, From 211ebb51da7ccd18d0caf88d6f1a4adc35e86a7b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 6 Aug 2024 08:07:36 +0100 Subject: [PATCH 113/124] Don't return success on a stub We shouldn't return PSA_SUCCESS from a function that isn't implemented. PSA_ERROR_NOT_SUPPORTED seems like the most appropriate return status for a function that isn't implemented. Signed-off-by: Janos Follath --- tf-psa-crypto/core/psa_crypto_ecp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_ecp.c b/tf-psa-crypto/core/psa_crypto_ecp.c index 77bc0b2142..749e11be03 100644 --- a/tf-psa-crypto/core/psa_crypto_ecp.c +++ b/tf-psa-crypto/core/psa_crypto_ecp.c @@ -610,7 +610,7 @@ psa_status_t psa_generate_key_iop_setup( (void) operation; (void) attributes; - return PSA_SUCCESS; + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_generate_key_iop_complete( @@ -620,7 +620,7 @@ psa_status_t psa_generate_key_iop_complete( (void) operation; (void) key; - return PSA_SUCCESS; + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_generate_key_iop_abort( @@ -628,7 +628,7 @@ psa_status_t psa_generate_key_iop_abort( { (void) operation; - return PSA_SUCCESS; + return PSA_ERROR_NOT_SUPPORTED; } /****************************************************************/ From 7311600fd579a90e08a169fa6184bca03d49a283 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 6 Aug 2024 08:23:38 +0100 Subject: [PATCH 114/124] Constrain interruptible key generation to key-pairs Erroring on a symmetric-key type would actually be an extra line of code. In theory we could try to save that one line of code, but it is premature optimisation at this point. Also, this is a predominantly asymmetric crypto feature, it is less confusing/more user friendly if we don't allow symmetric keys here. Signed-off-by: Janos Follath --- tf-psa-crypto/include/psa/crypto.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index aabf0f7553..7fd4872d6b 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5280,8 +5280,7 @@ uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); * \param[in] attributes The attributes for the new key. * The following attributes are required for all * keys: - * * The key type. It must not be an asymmetric - * public key. + * * The key type. It must be an asymmetric key-pair. * * The key size. It must be a valid size for the * key type. * The following attributes must be set for keys From 9f48917b888f041ea9ca01769c97502a5d3b6450 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Aug 2024 16:21:17 +0100 Subject: [PATCH 115/124] Improve IOP documentation Signed-off-by: Janos Follath --- tf-psa-crypto/include/psa/crypto.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 7fd4872d6b..5d40d07d41 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5272,11 +5272,13 @@ uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); * aborted by calling \c * psa_generate_key_iop_abort(). * + * \note Only asymmetric keys are supported. (See \p attributes.) + * * \param[in, out] operation The \c psa_generate_key_iop_t to use. * This must be initialized as per the * documentation for * \c psa_generate_key_iop_t, and be inactive. - + * * \param[in] attributes The attributes for the new key. * The following attributes are required for all * keys: @@ -5322,7 +5324,6 @@ uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); * \retval PSA_ERROR_NOT_PERMITTED * Creating a key with the specified attributes is not permitted. * - * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription @@ -5377,7 +5378,7 @@ psa_status_t psa_generate_key_iop_setup( * * \param[in, out] operation The \c psa_generate_key_iop_t to use. * This must be initialized first, and have had \c - * psa_generate_key_iop_start() called + * psa_generate_key_iop_setup() called * with it first. * * \param[out] key On success, an identifier for the newly created From 9e088847ae51f8dd76a6fcbd6cd2b21f4a35111b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 13 Aug 2024 17:54:44 +0100 Subject: [PATCH 116/124] Clarify IOP key generation restriction Public keys can't be generated. Co-authored-by: Gilles Peskine Signed-off-by: Janos Follath --- tf-psa-crypto/include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 5d40d07d41..77b740791a 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -5272,7 +5272,7 @@ uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t *operation); * aborted by calling \c * psa_generate_key_iop_abort(). * - * \note Only asymmetric keys are supported. (See \p attributes.) + * \note Only asymmetric key pairs are supported. (See \p attributes.) * * \param[in, out] operation The \c psa_generate_key_iop_t to use. * This must be initialized as per the From bdf2c98a2790adc321e4095ea22232132fe2bf6b Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 8 Aug 2024 21:09:05 +0100 Subject: [PATCH 117/124] Add psa_key_agreement() API Add psa_key_agreement() API and basic testing. Signed-off-by: Waleed Elmelegy --- tests/include/test/psa_test_wrappers.h | 10 +++ tests/src/psa_test_wrappers.c | 19 +++++ tf-psa-crypto/core/psa_crypto.c | 53 ++++++++++++++ tf-psa-crypto/include/psa/crypto.h | 73 +++++++++++++++++++ .../tests/suites/test_suite_psa_crypto.data | 36 ++++----- .../suites/test_suite_psa_crypto.function | 59 ++++++++++++++- 6 files changed, 228 insertions(+), 22 deletions(-) diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index 3fd4b32cdc..7ab2bea6b9 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -458,6 +458,16 @@ psa_status_t mbedtls_test_wrap_psa_import_key( #define psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) \ mbedtls_test_wrap_psa_import_key(arg0_attributes, arg1_data, arg2_data_length, arg3_key) +psa_status_t mbedtls_test_wrap_psa_key_agreement( + mbedtls_svc_key_id_t arg0_private_key, + const uint8_t *arg1_peer_key, + size_t arg2_peer_key_length, + psa_algorithm_t arg3_alg, + const psa_key_attributes_t *arg4_attributes, + mbedtls_svc_key_id_t *arg5_key); +#define psa_key_agreement(arg0_private_key, arg1_peer_key, arg2_peer_key_length, arg3_alg, arg4_attributes, arg5_key) \ + mbedtls_test_wrap_psa_key_agreement(arg0_private_key, arg1_peer_key, arg2_peer_key_length, arg3_alg, arg4_attributes, arg5_key) + psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_abort( psa_key_agreement_iop_t *arg0_operation); #define psa_key_agreement_iop_abort(arg0_operation) \ diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 8484b25d2d..6e42a8bba6 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -805,6 +805,25 @@ psa_status_t mbedtls_test_wrap_psa_import_key( return status; } +/* Wrapper for psa_key_agreement */ +psa_status_t mbedtls_test_wrap_psa_key_agreement( + mbedtls_svc_key_id_t arg0_private_key, + const uint8_t *arg1_peer_key, + size_t arg2_peer_key_length, + psa_algorithm_t arg3_alg, + const psa_key_attributes_t *arg4_attributes, + mbedtls_svc_key_id_t *arg5_key) +{ +#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) + MBEDTLS_TEST_MEMORY_POISON(arg1_peer_key, arg2_peer_key_length); +#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ + psa_status_t status = (psa_key_agreement)(arg0_private_key, arg1_peer_key, arg2_peer_key_length, arg3_alg, arg4_attributes, arg5_key); +#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) + MBEDTLS_TEST_MEMORY_UNPOISON(arg1_peer_key, arg2_peer_key_length); +#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ + return status; +} + /* Wrapper for psa_key_agreement_iop_abort */ psa_status_t mbedtls_test_wrap_psa_key_agreement_iop_abort( psa_key_agreement_iop_t *arg0_operation) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index 9ca592831f..e987625341 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -7700,6 +7700,59 @@ exit: return (status == PSA_SUCCESS) ? unlock_status : status; } +psa_status_t psa_key_agreement(mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) +{ + psa_status_t status; + uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE]; + size_t shared_secret_len; + psa_key_type_t key_type; + size_t key_size = PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE; + psa_algorithm_t key_alg; + +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + *key = PSA_KEY_ID_NULL; +#else + key->key_id = PSA_KEY_ID_NULL; +#endif + + key_type = psa_get_key_type(attributes); + if (key_type != PSA_KEY_TYPE_DERIVE && key_type != PSA_KEY_TYPE_RAW_DATA + && key_type != PSA_KEY_TYPE_HMAC && key_type != PSA_KEY_TYPE_PASSWORD) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + key_alg = psa_get_key_algorithm(attributes); + if (key_alg != PSA_ALG_ECDH && key_alg != PSA_ALG_FFDH) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (psa_get_key_bits(attributes) != 0) { + key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes)); + } + + status = psa_raw_key_agreement(alg, private_key, peer_key, peer_key_length, shared_secret, + key_size, &shared_secret_len); + + if (status == PSA_SUCCESS) { + + psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type(&shared_secret_attributes, key_type); + psa_set_key_usage_flags(&shared_secret_attributes, psa_get_key_usage_flags(attributes)); + psa_set_key_algorithm(&shared_secret_attributes, key_alg); + psa_set_key_lifetime(&shared_secret_attributes, psa_get_key_lifetime(attributes)); + psa_set_key_bits(&shared_secret_attributes, shared_secret_len * 8); + + status = psa_import_key(&shared_secret_attributes, shared_secret, + shared_secret_len, key); + } + + return status; +} /****************************************************************/ /* Random generation */ diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 77b740791a..7a8dc6db02 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4048,6 +4048,79 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, size_t output_size, size_t *output_length); +/** Perform a key agreement and return the shared secret as a derivation key. + * + * \warning The shared secret resulting from a key agreement algorithm such as + * finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases. + * This makes it unsuitable for use as key material, for example, as an AES key. + * Instead, it is recommended that a key derivation algorithm is applied to the + * result, to derive unbiased cryptographic keys. + * + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param[in] peer_key Public key of the peer. It must be + * in the same format that psa_import_key() + * accepts. The standard formats for public + * keys are documented in the documentation + * of psa_export_public_key(). + * \param peer_key_length Size of \p peer_key in bytes. + * \param alg The key agreement algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) + * is true). + * \param[in] attributes The attributes for the new key. + * \param[out] key On success, an identifier for the newly created + * key. #PSA_KEY_ID_NULL on failure. + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p private_key is not a valid key identifier. + * \retval #PSA_ERROR_NOT_PERMITTED + * \p private_key does not have the PSA_KEY_USAGE_DERIVE flag, + * or it does not permit the requested algorithm. + * The implementation does not permit creating a key with the specified attributes + * due to some implementation-specific policy. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is already + * a persistent key with the given identifier. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a key agreement algorithm, or + * \p private_key is not compatible with \p alg, + * or \p peer_key is not valid for \p alg or not compatible with + * \p private_key. + * The output key attributes in \p attributes are not valid: + * The key type is not valid for key agreement output. + * The key size is nonzero, and is not the size of the shared secret. + * The key lifetime is invalid. + * The key identifier is not valid for the key lifetime. + * The key usage flags include invalid values. + * The key’s permitted-usage algorithm is invalid. + * The key attributes, as a whole, are invalid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not a supported key agreement algorithm. + * \p private_key is not supported for use with alg. + * The output key attributes, as a whole, are not supported, + * either by the implementation in general or in the specified + * storage location. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + */ +psa_status_t psa_key_agreement(mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key); /**@}*/ /** \defgroup random Random generation diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index eb84bc588b..c2deaa5251 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7211,75 +7211,75 @@ key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ PSA raw key agreement: ECDH SECP256R1 (RFC 5903) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" PSA raw key agreement: ECDH SECP384R1 (RFC 5903) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_384 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746" PSA raw key agreement: ECDH SECP521R1 (RFC 5903) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea" PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b" PSA raw key agreement: ECDH brainpoolP384r1 (RFC 7027) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42" PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" PSA raw key agreement: X25519 (RFC 7748: Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_255 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" PSA raw key agreement: X25519 (RFC 7748: Bob) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_255 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" PSA raw key agreement: X448 (RFC 7748: Alice) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_448 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":"3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b43027d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":"3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b43027d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA raw key agreement: X448 (RFC 7748: Bob) depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_448 -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" +key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA raw key agreement: FFDH 2048 bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros) depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" PSA raw key agreement: FFDH 3072 bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros) depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" PSA raw key agreement: FFDH 4096 bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros) depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" PSA raw key agreement: FFDH 6144 bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros) depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 -raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" +key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index 9270b5f81c..db2ac334cb 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -9719,10 +9719,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void raw_key_agreement(int alg_arg, - int our_key_type_arg, data_t *our_key_data, - data_t *peer_key_data, - data_t *expected_output) +void key_agreement(int alg_arg, + int our_key_type_arg, data_t *our_key_data, + data_t *peer_key_data, + data_t *expected_output) { mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = alg_arg; @@ -9731,6 +9731,8 @@ void raw_key_agreement(int alg_arg, unsigned char *output = NULL; size_t output_length = ~0; size_t key_bits; + mbedtls_svc_key_id_t shared_secret_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); @@ -9758,9 +9760,27 @@ void raw_key_agreement(int alg_arg, &output_length)); TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); + + mbedtls_platform_zeroize(output, expected_output->len); + output_length = 0; + + psa_set_key_type(&shared_secret_attributes, PSA_KEY_TYPE_DERIVE); + psa_set_key_usage_flags(&shared_secret_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&shared_secret_attributes, PSA_ALG_ECDH); + + PSA_ASSERT(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, + alg, &shared_secret_attributes, &shared_secret_id)); + + PSA_ASSERT(psa_export_key(shared_secret_id, output, expected_output->len, &output_length)); + + TEST_MEMORY_COMPARE(output, output_length, + expected_output->x, expected_output->len); + mbedtls_free(output); output = NULL; output_length = ~0; + psa_destroy_key(shared_secret_id); + shared_secret_id = MBEDTLS_SVC_KEY_ID_INIT; /* Larger buffer */ TEST_CALLOC(output, expected_output->len + 1); @@ -9770,9 +9790,24 @@ void raw_key_agreement(int alg_arg, &output_length)); TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); + + mbedtls_platform_zeroize(output, expected_output->len + 1); + output_length = 0; + + psa_set_key_bits(&shared_secret_attributes, (expected_output->len + 1) * 8); + PSA_ASSERT(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, + alg, &shared_secret_attributes, &shared_secret_id)); + + PSA_ASSERT(psa_export_key(shared_secret_id, output, expected_output->len + 1, &output_length)); + + TEST_MEMORY_COMPARE(output, output_length, + expected_output->x, expected_output->len); + mbedtls_free(output); output = NULL; output_length = ~0; + psa_destroy_key(shared_secret_id); + shared_secret_id = MBEDTLS_SVC_KEY_ID_INIT; /* Buffer too small */ TEST_CALLOC(output, expected_output->len - 1); @@ -9783,11 +9818,27 @@ void raw_key_agreement(int alg_arg, PSA_ERROR_BUFFER_TOO_SMALL); /* Not required by the spec, but good robustness */ TEST_LE_U(output_length, expected_output->len - 1); + + mbedtls_platform_zeroize(output, expected_output->len - 1); + output_length = 0; + + psa_set_key_bits(&shared_secret_attributes, (expected_output->len - 1) * 8); + TEST_EQUAL(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, + alg, &shared_secret_attributes, &shared_secret_id), + PSA_ERROR_BUFFER_TOO_SMALL); + +#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) + TEST_EQUAL(shared_secret_id, PSA_KEY_ID_NULL); +#else + TEST_EQUAL(shared_secret_id.key_id, PSA_KEY_ID_NULL); +#endif + mbedtls_free(output); output = NULL; exit: mbedtls_free(output); + psa_destroy_key(shared_secret_id); psa_destroy_key(our_key); PSA_DONE(); } From cb0ed88df1b2cfc28d68746e4fdb0fd5a3648050 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Tue, 13 Aug 2024 11:49:04 +0100 Subject: [PATCH 118/124] Add change log entry for adding psa_key_agreement() API Signed-off-by: Waleed Elmelegy --- ChangeLog.d/add-psa-key-agreement.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/add-psa-key-agreement.txt diff --git a/ChangeLog.d/add-psa-key-agreement.txt b/ChangeLog.d/add-psa-key-agreement.txt new file mode 100644 index 0000000000..771e6e2602 --- /dev/null +++ b/ChangeLog.d/add-psa-key-agreement.txt @@ -0,0 +1,3 @@ +Features + * Add a new psa_key_agreement() PSA API to perform key agreement and return + an identifier for the newly created key. From 8faeee24ae34ca4e6b164a85dfea4809a02c5f80 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 14 Aug 2024 16:35:47 +0100 Subject: [PATCH 119/124] Improve documentation of psa_key_agreement() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/include/psa/crypto.h | 56 ++++++++++++++++++------------ 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index 7a8dc6db02..a07a86b904 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4049,12 +4049,6 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, size_t *output_length); /** Perform a key agreement and return the shared secret as a derivation key. - * - * \warning The shared secret resulting from a key agreement algorithm such as - * finite-field Diffie-Hellman or elliptic curve Diffie-Hellman has biases. - * This makes it unsuitable for use as key material, for example, as an AES key. - * Instead, it is recommended that a key derivation algorithm is applied to the - * result, to derive unbiased cryptographic keys. * * \param private_key Identifier of the private key to use. It must * allow the usage #PSA_KEY_USAGE_DERIVE. @@ -4068,22 +4062,38 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) * is true). - * \param[in] attributes The attributes for the new key. + * \param[in] attributes The attributes for the new key. This function uses + * the attributes as follows: + * * The key type must be one of #PSA_KEY_TYPE_DERIVE, + * #PSA_KEY_TYPE_RAW_DATA, #PSA_KEY_TYPE_HMAC, or + * #PSA_KEY_TYPE_PASSWORD. + * * The size of the returned key is always the + * bit-size of the shared secret, rounded up + * to a whole number of bytes. The key size in + * attributes can be zero; if it is nonzero, it + * must be equal to the output size of the key + * agreement, in bits. + * The output size, in bits, of the key agreement + * is 8 * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(type, bits), + * where type and bits are the type and bit-size of + * private_key. + * * The key permitted-algorithm policy is required for + * keys that will be used for a cryptographic operation. + * * The key usage flags define what operations are + * permitted with the key. + * * The key lifetime and identifier are required + * for a persistent key. * \param[out] key On success, an identifier for the newly created * key. #PSA_KEY_ID_NULL on failure. * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. * \retval #PSA_ERROR_INVALID_HANDLE * \p private_key is not a valid key identifier. * \retval #PSA_ERROR_NOT_PERMITTED * \p private_key does not have the PSA_KEY_USAGE_DERIVE flag, * or it does not permit the requested algorithm. - * The implementation does not permit creating a key with the specified attributes - * due to some implementation-specific policy. * \retval #PSA_ERROR_ALREADY_EXISTS * This is an attempt to create a persistent key, and there is already * a persistent key with the given identifier. @@ -4093,19 +4103,19 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, * or \p peer_key is not valid for \p alg or not compatible with * \p private_key. * The output key attributes in \p attributes are not valid: - * The key type is not valid for key agreement output. - * The key size is nonzero, and is not the size of the shared secret. - * The key lifetime is invalid. - * The key identifier is not valid for the key lifetime. - * The key usage flags include invalid values. - * The key’s permitted-usage algorithm is invalid. - * The key attributes, as a whole, are invalid. + * * The key type is not valid for key agreement output. + * * The key size is nonzero, and is not the size of the shared secret. + * * The key lifetime is invalid. + * * The key identifier is not valid for the key lifetime. + * * The key usage flags include invalid values. + * * The key’s permitted-usage algorithm is invalid. + * * The key attributes, as a whole, are invalid. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not a supported key agreement algorithm. - * \p private_key is not supported for use with alg. - * The output key attributes, as a whole, are not supported, - * either by the implementation in general or in the specified - * storage location. + * * \p alg is not a supported key agreement algorithm. + * * \p private_key is not supported for use with alg. + * * The output key attributes, as a whole, are not supported, + * either by the implementation in general or in the specified + * storage location. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription From d1562407c390f544329e8bbb721d836a280eaed3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 14 Aug 2024 16:40:25 +0100 Subject: [PATCH 120/124] Fix possible issues in testing and implementation of psa_key_agreement() Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/core/psa_crypto.c | 34 +++-------------- .../suites/test_suite_psa_crypto.function | 38 +++++-------------- 2 files changed, 16 insertions(+), 56 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index e987625341..fd05128466 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -7711,14 +7711,8 @@ psa_status_t psa_key_agreement(mbedtls_svc_key_id_t private_key, uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE]; size_t shared_secret_len; psa_key_type_t key_type; - size_t key_size = PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE; - psa_algorithm_t key_alg; -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - *key = PSA_KEY_ID_NULL; -#else - key->key_id = PSA_KEY_ID_NULL; -#endif + *key = MBEDTLS_SVC_KEY_ID_INIT; key_type = psa_get_key_type(attributes); if (key_type != PSA_KEY_TYPE_DERIVE && key_type != PSA_KEY_TYPE_RAW_DATA @@ -7726,31 +7720,15 @@ psa_status_t psa_key_agreement(mbedtls_svc_key_id_t private_key, return PSA_ERROR_INVALID_ARGUMENT; } - key_alg = psa_get_key_algorithm(attributes); - if (key_alg != PSA_ALG_ECDH && key_alg != PSA_ALG_FFDH) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (psa_get_key_bits(attributes) != 0) { - key_size = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes)); - } - status = psa_raw_key_agreement(alg, private_key, peer_key, peer_key_length, shared_secret, - key_size, &shared_secret_len); + sizeof(shared_secret), &shared_secret_len); - if (status == PSA_SUCCESS) { - - psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_type(&shared_secret_attributes, key_type); - psa_set_key_usage_flags(&shared_secret_attributes, psa_get_key_usage_flags(attributes)); - psa_set_key_algorithm(&shared_secret_attributes, key_alg); - psa_set_key_lifetime(&shared_secret_attributes, psa_get_key_lifetime(attributes)); - psa_set_key_bits(&shared_secret_attributes, shared_secret_len * 8); - - status = psa_import_key(&shared_secret_attributes, shared_secret, - shared_secret_len, key); + if (status != PSA_SUCCESS) { + return status; } + status = psa_import_key(attributes, shared_secret, shared_secret_len, key); + return status; } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index db2ac334cb..cee73b0861 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -9733,6 +9733,7 @@ void key_agreement(int alg_arg, size_t key_bits; mbedtls_svc_key_id_t shared_secret_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t output_attributes; PSA_ASSERT(psa_crypto_init()); @@ -9761,12 +9762,11 @@ void key_agreement(int alg_arg, TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); - mbedtls_platform_zeroize(output, expected_output->len); + memset(output, 0, expected_output->len); output_length = 0; psa_set_key_type(&shared_secret_attributes, PSA_KEY_TYPE_DERIVE); psa_set_key_usage_flags(&shared_secret_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); - psa_set_key_algorithm(&shared_secret_attributes, PSA_ALG_ECDH); PSA_ASSERT(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, alg, &shared_secret_attributes, &shared_secret_id)); @@ -9776,6 +9776,14 @@ void key_agreement(int alg_arg, TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); + PSA_ASSERT(psa_get_key_attributes(shared_secret_id, &output_attributes)); + + TEST_EQUAL(PSA_BITS_TO_BYTES(psa_get_key_bits(&output_attributes)), + expected_output->len); + TEST_EQUAL(psa_get_key_type(&output_attributes), PSA_KEY_TYPE_DERIVE); + TEST_EQUAL(psa_get_key_usage_flags(&output_attributes), + PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); + mbedtls_free(output); output = NULL; output_length = ~0; @@ -9791,18 +9799,6 @@ void key_agreement(int alg_arg, TEST_MEMORY_COMPARE(output, output_length, expected_output->x, expected_output->len); - mbedtls_platform_zeroize(output, expected_output->len + 1); - output_length = 0; - - psa_set_key_bits(&shared_secret_attributes, (expected_output->len + 1) * 8); - PSA_ASSERT(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, - alg, &shared_secret_attributes, &shared_secret_id)); - - PSA_ASSERT(psa_export_key(shared_secret_id, output, expected_output->len + 1, &output_length)); - - TEST_MEMORY_COMPARE(output, output_length, - expected_output->x, expected_output->len); - mbedtls_free(output); output = NULL; output_length = ~0; @@ -9819,20 +9815,6 @@ void key_agreement(int alg_arg, /* Not required by the spec, but good robustness */ TEST_LE_U(output_length, expected_output->len - 1); - mbedtls_platform_zeroize(output, expected_output->len - 1); - output_length = 0; - - psa_set_key_bits(&shared_secret_attributes, (expected_output->len - 1) * 8); - TEST_EQUAL(psa_key_agreement(our_key, peer_key_data->x, peer_key_data->len, - alg, &shared_secret_attributes, &shared_secret_id), - PSA_ERROR_BUFFER_TOO_SMALL); - -#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - TEST_EQUAL(shared_secret_id, PSA_KEY_ID_NULL); -#else - TEST_EQUAL(shared_secret_id.key_id, PSA_KEY_ID_NULL); -#endif - mbedtls_free(output); output = NULL; From e25cb1bcda1de46c92c90a158f37ea75ef2651d7 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Wed, 14 Aug 2024 16:55:56 +0100 Subject: [PATCH 121/124] Fix formatting issue in psa_key_agreement() documentation Signed-off-by: Waleed Elmelegy --- tf-psa-crypto/include/psa/crypto.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h index a07a86b904..aa58033a01 100644 --- a/tf-psa-crypto/include/psa/crypto.h +++ b/tf-psa-crypto/include/psa/crypto.h @@ -4098,11 +4098,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, * This is an attempt to create a persistent key, and there is already * a persistent key with the given identifier. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p alg is not a key agreement algorithm, or - * \p private_key is not compatible with \p alg, - * or \p peer_key is not valid for \p alg or not compatible with - * \p private_key. - * The output key attributes in \p attributes are not valid: + * * \p alg is not a key agreement algorithm. + * * \p private_key is not compatible with \p alg. + * * \p peer_key is not valid for \p alg or not compatible with + * \p private_key. + * * The output key attributes in \p attributes are not valid: * * The key type is not valid for key agreement output. * * The key size is nonzero, and is not the size of the shared secret. * * The key lifetime is invalid. From b5df9d8b658c2dbd588b4a604b3574dca9bbaac3 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 22 Aug 2024 16:10:10 +0000 Subject: [PATCH 122/124] Add chanelog entry for fixing legacy comprssion methods issue Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-legacy-compression-issue.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/fix-legacy-compression-issue.txt diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt new file mode 100644 index 0000000000..e51ee24a9b --- /dev/null +++ b/ChangeLog.d/fix-legacy-compression-issue.txt @@ -0,0 +1,7 @@ +Bugfix + * Fix an issue where ssl_tls13_parse_client_hello() assumed legacy_compression_methods + length would always be zero, which is true for TLS 1.3. However, with TLS 1.3 enabled + by default, all ClientHello requests (including TLS 1.2 requests) are initially + processed by ssl_tls13_parse_client_hello() before being passed to the TLS 1.2 + parsing function. This caused an issue where legacy_compression_methods + might not be zero for TLS 1.2 requests, as it is processed earlier. From 65e73c88bdf76325a3b01a47fc23dd8501f3f573 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 22 Aug 2024 16:27:27 +0000 Subject: [PATCH 123/124] Improve the changelog entry for fixing legacy compression issue Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-legacy-compression-issue.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt index e51ee24a9b..8b2fe23369 100644 --- a/ChangeLog.d/fix-legacy-compression-issue.txt +++ b/ChangeLog.d/fix-legacy-compression-issue.txt @@ -1,7 +1,7 @@ Bugfix - * Fix an issue where ssl_tls13_parse_client_hello() assumed legacy_compression_methods - length would always be zero, which is true for TLS 1.3. However, with TLS 1.3 enabled - by default, all ClientHello requests (including TLS 1.2 requests) are initially - processed by ssl_tls13_parse_client_hello() before being passed to the TLS 1.2 - parsing function. This caused an issue where legacy_compression_methods - might not be zero for TLS 1.2 requests, as it is processed earlier. + * Fix an issue where TLS 1.2 clients who send a ClientHello message with + legacy_compression_methods get a failure in connection because TLS 1.3 + is enabled by default and the server rejects the ClientHello packet as + malformed for TLS 1.3 in a way that stops the fallback to TLS 1.2. + fixes #8995, #9243. + From 344f79bde6d3d38d20485337816b608b4ade6861 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 22 Aug 2024 16:33:17 +0000 Subject: [PATCH 124/124] Reduce the wording in changelog entry Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-legacy-compression-issue.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/fix-legacy-compression-issue.txt b/ChangeLog.d/fix-legacy-compression-issue.txt index 8b2fe23369..2549af8733 100644 --- a/ChangeLog.d/fix-legacy-compression-issue.txt +++ b/ChangeLog.d/fix-legacy-compression-issue.txt @@ -1,7 +1,6 @@ Bugfix - * Fix an issue where TLS 1.2 clients who send a ClientHello message with - legacy_compression_methods get a failure in connection because TLS 1.3 - is enabled by default and the server rejects the ClientHello packet as - malformed for TLS 1.3 in a way that stops the fallback to TLS 1.2. + * Fixes an issue where some TLS 1.2 clients could not connect to an + Mbed TLS 3.6.0 server, due to incorrect handling of + legacy_compression_methods in the ClientHello. fixes #8995, #9243.